SecurityServer/dbcrypto.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // dbcrypto - cryptographic core for database and key blob cryptography
  21 //
  22 #ifndef _H_DBCRYPTO
  23 #define _H_DBCRYPTO
  24
  25 #include "securityserver.h"
  26 #include <Security/cspclient.h>
  27 #include <Security/keyclient.h>
  28
  29
  30 //
  31 // A DatabaseCryptoCore object encapsulates the secret state of a database.
  32 // It provides for encoding and decoding of database blobs and key blobs,
  33 // and holds all state related to the database secrets.
  34 //
  35 class DatabaseCryptoCore {
  36 public:
  37     DatabaseCryptoCore();
  38         virtual ~DatabaseCryptoCore();
  39
  40     bool isValid() const        { return mIsValid; }
  41
  42     void generateNewSecrets();
  43
  44     DbBlob *encodeCore(const DbBlob &blobTemplate, const CssmData &passphrase,
  45         const CssmData &publicAcl, const CssmData &privateAcl) const;
  46     void decodeCore(DbBlob *blob, const CssmData &passphrase,
  47         void **privateAclBlob = NULL);
  48
  49     KeyBlob *encodeKeyCore(const CssmKey &key,
  50         const CssmData &publicAcl, const CssmData &privateAcl) const;
  51     void decodeKeyCore(KeyBlob *blob,
  52         CssmKey &key, void * &pubAcl, void * &privAcl) const;
  53
  54     static const uint32 managedAttributes = KeyBlob::managedAttributes;
  55
  56 private:
  57     bool mIsValid;                                      // master secrets are valid
  58
  59     CssmClient::Key encryptionKey;      // master encryption key
  60     CssmClient::Key signingKey;         // master signing key
  61
  62     CssmClient::Key deriveDbCryptoKey(const CssmData &passphrase, const CssmData &salt) const;
  63     CssmClient::Key makeRawKey(void *data, size_t length,
  64         CSSM_ALGORITHMS algid, CSSM_KEYUSE usage);
  65 };
  66
  67
  68 #endif //_H_DBCRYPTO