]> git.saurik.com Git - apple/security.git/blob - libsecurity_cdsa_client/lib/cspclient.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55163.44.tar.gz
[apple/security.git] / libsecurity_cdsa_client / lib / cspclient.h
1 /*
2 * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // cspclient - client interface to CSSM CSPs and their operations
21 //
22 #ifndef _H_CDSA_CLIENT_CSPCLIENT
23 #define _H_CDSA_CLIENT_CSPCLIENT 1
24
25 #include <security_cdsa_client/cssmclient.h>
26 #include <security_cdsa_utilities/context.h>
27 #include <security_cdsa_utilities/cssmacl.h>
28
29 namespace Security {
30 namespace CssmClient {
31
32
33 //
34 // A CSP attachment
35 //
36 class CSPImpl : public AttachmentImpl
37 {
38 public:
39 CSPImpl(const Guid &guid);
40 CSPImpl(const Module &module);
41 virtual ~CSPImpl();
42
43 // the least inappropriate place for this one
44 void freeKey(CssmKey &key, const AccessCredentials *cred = NULL, bool permanent = false);
45 };
46
47 class CSP : public Attachment
48 {
49 public:
50 typedef CSPImpl Impl;
51
52 explicit CSP(Impl *impl) : Attachment(impl) {}
53 CSP(const Guid &guid) : Attachment(new Impl(guid)) {}
54 CSP(const Module &module) : Attachment(new Impl(module)) {}
55
56 Impl *operator ->() const { return &impl<Impl>(); }
57 Impl &operator *() const { return impl<Impl>(); }
58 };
59
60 //
61 // A cryptographic context.
62 // Contexts always belong to CSPs (CSP attachments).
63 //
64 class Context : public ObjectImpl
65 {
66 public:
67 Context(const CSP &csp, CSSM_ALGORITHMS alg = CSSM_ALGID_NONE);
68 ~Context();
69
70 CSP attachment() const { return parent<CSP>(); }
71 Module module() const { return attachment()->module(); }
72
73 CSSM_ALGORITHMS algorithm() const { return mAlgorithm; }
74 void algorithm(CSSM_ALGORITHMS alg);
75
76 const AccessCredentials *cred() const { return mCred; }
77 void cred(const CSSM_ACCESS_CREDENTIALS *cred);
78 void cred(const CSSM_ACCESS_CREDENTIALS &cred) { this->cred(&cred); }
79
80 public:
81 CSSM_CC_HANDLE handle() { activate(); return mHandle; }
82
83 uint32 getOutputSize(uint32 inputSize, bool encrypt = true);
84 void getOutputSize(CSSM_QUERY_SIZE_DATA &sizes, uint32 count, bool encrypt = true);
85
86 public:
87 // don't use this section unless you know what you're doing!
88 void override(const ::Context &ctx);
89
90 template <class T>
91 void set(CSSM_ATTRIBUTE_TYPE type, const T &value)
92 {
93 if (isActive()) {
94 ::Context::Attr attr(type, value);
95 check(CSSM_UpdateContextAttributes(mHandle, 1, &attr));
96 }
97 }
98
99 void set(CSSM_ATTRIBUTE_TYPE type, uint32 value)
100 {
101 if (isActive()) {
102 ::Context::Attr attr(type, value);
103 check(CSSM_UpdateContextAttributes(mHandle, 1, &attr));
104 }
105 }
106
107 template <class T>
108 void add(CSSM_ATTRIBUTE_TYPE type, const T &value)
109 { activate(); set(type, value); }
110
111 void add(CSSM_ATTRIBUTE_TYPE type, uint32 value)
112 { activate(); set(type, value); }
113
114 protected:
115 void deactivate();
116
117 virtual void init(); // Subclasses must implement if they support staged operations.
118
119 void unstaged()
120 { activate(); if (mStaged) CssmError::throwMe(CSSMERR_CSP_STAGED_OPERATION_IN_PROGRESS); }
121
122 void staged()
123 { if (!mStaged) init(); }
124
125 const AccessCredentials *neededCred()
126 { return AccessCredentials::needed(mCred); }
127
128 protected:
129 CSSM_ALGORITHMS mAlgorithm; // intended algorithm
130 CSSM_CC_HANDLE mHandle; // CSSM CC handle
131 bool mStaged; // staged in progress
132 const AccessCredentials *mCred; // if explicitly set
133 };
134
135
136 //
137 // An RccBearer holds a ResourceControlContext. Note that this is a composite
138 // of an AccessCredentials and an AclEntryInput. We allow setting the whole
139 // thing, or its two components separately. A complete rcc set (via ::rcc)
140 // overrides any components.
141 // @@@ Perhaps we should merge components into a specified rcc? Iffy, though...
142 // Note: We call the credential components "opCred" to distinguish it from
143 // the "cred" of a CredBearer; some classes are both. As a rule, the "cred" goes
144 // into the context, while the "opCred" gets passed as an argument.
145 //
146 class RccBearer {
147 public:
148 RccBearer() : mOpCred(NULL), mOwner(NULL), mRcc(NULL) { }
149
150 const AccessCredentials *opCred() const { return mOpCred; }
151 void opCred(const CSSM_ACCESS_CREDENTIALS *cred) { mOpCred = AccessCredentials::overlay(cred); }
152 void opCred(const CSSM_ACCESS_CREDENTIALS &cred) { this->opCred(&cred); }
153 const AclEntryInput *owner() const { return mOwner; }
154 void owner(const CSSM_ACL_ENTRY_INPUT *owner) { mOwner = AclEntryInput::overlay(owner); }
155 void owner(const CSSM_ACL_ENTRY_INPUT &owner) { this->owner(&owner); }
156 void owner(const CSSM_ACL_ENTRY_PROTOTYPE *owner);
157 void owner(const CSSM_ACL_ENTRY_PROTOTYPE &owner) { this->owner(&owner); }
158 const ResourceControlContext *rcc() const { return mRcc; }
159 void rcc(const CSSM_RESOURCE_CONTROL_CONTEXT *rcc)
160 { mRcc = ResourceControlContext::overlay(rcc); }
161 void rcc(const CSSM_RESOURCE_CONTROL_CONTEXT &rcc) { this->rcc(&rcc); }
162
163 protected:
164 const ResourceControlContext &compositeRcc() const;
165
166 private:
167 // an RCC contains both a cred and entryInput
168 // mCred/mAcl are only considered if mRcc is not set (NULL)
169 const AccessCredentials *mOpCred;
170 const AclEntryInput *mOwner;
171 const ResourceControlContext *mRcc;
172
173 mutable ResourceControlContext mWorkRcc; // work area
174 mutable AclEntryInput mWorkInput; // work area
175 };
176
177
178 //
179 // A PassThough context
180 //
181 class PassThrough : public Context
182 {
183 public:
184 PassThrough(const CSP &csp) : Context(csp) { }
185
186 public:
187 void operator () (uint32 passThroughId, const void *inData, void **outData);
188
189 template <class TIn, class TOut>
190 void operator () (uint32 passThroughId, const TIn *inData, TOut **outData)
191 { operator () (passThroughId, (const void *)inData, (void **)outData); }
192
193 template <class TIn>
194 void operator () (uint32 passThroughId, const TIn *inData)
195 { operator () (passThroughId, (const void *)inData, NULL); }
196
197 const CSSM_KEY *key() const { return mKey; }
198 void key(const CSSM_KEY *k) { mKey = k; set(CSSM_ATTRIBUTE_KEY, k); }
199
200 protected:
201 void activate();
202
203 protected:
204 const CSSM_KEY *mKey;
205 };
206
207
208 //
209 // A Digest context
210 //
211 class Digest : public Context
212 {
213 public:
214 Digest(const CSP &csp, CSSM_ALGORITHMS alg) : Context(csp, alg) { }
215
216 public:
217 // integrated
218 void digest(const CssmData &data, CssmData &digest) { this->digest(&data, 1, digest); }
219 void digest(const CssmData *data, uint32 count, CssmData &digest);
220
221 // staged
222 void digest(const CssmData &data) { digest(&data, 1); }
223 void digest(const CssmData *data, uint32 count);
224 void operator () (CssmData &digest);
225 CssmData operator () () { CssmData digest; (*this)(digest); return digest; }
226
227 protected:
228 void activate();
229 };
230
231
232 //
233 // A [P]RNG context
234 //
235 class Random : public Context
236 {
237 public:
238 Random(const CSP &csp, CSSM_ALGORITHMS alg) : Context(csp, alg), mSeed(NULL), mSize(1) { }
239 Random(const CSP &csp, CSSM_ALGORITHMS alg, const CssmCryptoData &seed)
240 : Context(csp, alg), mSeed(&seed), mSize(1) { }
241 Random(const CSP &csp, CSSM_ALGORITHMS alg, uint32 size)
242 : Context(csp, alg), mSeed(NULL), mSize(size) { }
243 Random(const CSP &csp, CSSM_ALGORITHMS alg, const CssmCryptoData &seed, uint32 size)
244 : Context(csp, alg), mSeed(&seed), mSize(size) { }
245
246 void seed(const CssmCryptoData &data);
247 void size(uint32 size);
248
249 public:
250 void generate(CssmData &data, uint32 size = 0);
251
252 // alternate function-call form
253 CssmData operator () (uint32 size = 0)
254 { CssmData output; generate(output, size); return output; }
255
256 protected:
257 void activate();
258
259 private:
260 const CssmCryptoData *mSeed;
261 uint32 mSize;
262 };
263
264
265 } // end namespace CssmClient
266 } // end namespace Security
267
268 #endif // _H_CDSA_CLIENT_CSPCLIENT
mirror of Security