//
// ucsp.defs - Mach RPC interface between SecurityServer and its clients
//
// MIG input: the client and server stubs are generated from this file.
// Any task holding a send right to the server port can invoke every routine
// declared here, so each server-side implementation has to treat all of its
// arguments (lengths, handles, pointers, flags) as untrusted input.
//
#include <mach/std_types.defs>
#include <mach/mach_types.defs>

// Subsystem name and base message id. MIG numbers routines consecutively
// from this base in declaration order, so inserting, removing or reordering
// routines changes the wire ids of all routines that follow.
subsystem ucsp 1000;

// Prefixes for the generated server-side and client-side function names.
serverprefix ucsp_server_;
userprefix ucsp_client_;

// Headers pulled into the generated C code; presumably they declare the
// C types named in the ctype clauses of this file.
import "securityserver.h";
import "ucsp_types.h";

//
// Data types
//

// Variable-length byte array. The generated stubs pass an element count
// next to the bytes, and that count is chosen by the sender.
type Data = array [] of char;

// Pointer-sized values carried as plain 32-bit integers.
// NOTE(review): presumably these are addresses in the client address space;
// the server should use them only as numbers and never dereference them -
// confirm against the server code.
type Pointer = unsigned32;
type BasePointer = unsigned32;

// Key handle and the encoded (blob) form of a key.
// NOTE(review): a handle arrives as a caller-chosen 32-bit number; confirm
// the server resolves it through a table scoped to the calling client.
type KeyHandle = unsigned32;
type KeyBlob = Data
    ctype: Pointer;

// Database handle and the encoded (blob) form of a database.
type DbHandle = unsigned32;
type DbBlob = Data
    ctype: Pointer;

// Flattened structures. Each <Name>Blob is variable-length Data that the
// generated C code sees as <Name>Ptr, and each <Name>Ptr is a 32-bit value.
// The routines in this file pass every blob together with a companion
// <name>Base argument of the Ptr type (see IN_BLOB / OUT_BLOB).
// NOTE(review): presumably the base is the address the blob had in the
// sender, used to relocate pointers embedded in the blob - confirm. Whatever
// code relocates must check that every embedded pointer and length stays
// inside the received blob length before following it.
type AclEntryPrototypeBlob = Data
    ctype: AclEntryPrototypePtr;
type AclEntryPrototypePtr = BasePointer;

type AclEntryInfoBlob = Data
    ctype: AclEntryInfoPtr;
type AclEntryInfoPtr = BasePointer;

type AclEntryInputBlob = Data
    ctype: AclEntryInputPtr;
type AclEntryInputPtr = BasePointer;

type AclOwnerPrototypeBlob = Data
    ctype: AclOwnerPrototypePtr;
type AclOwnerPrototypePtr = BasePointer;

type AccessCredentialsBlob = Data
    ctype: AccessCredentialsPtr;
type AccessCredentialsPtr = BasePointer;

type DLDbIdentBlob = Data
    ctype: DLDbIdentPtr;
type DLDbIdentPtr = BasePointer;

type ParamInputBlob = Data
    ctype: ParamInputPtr;
type ParamInputPtr = BasePointer;

// Untyped variant; VoidPtr is declared as unsigned32 directly rather than
// through BasePointer (same width).
type VoidBlob = Data
    ctype: VoidPtr;
type VoidPtr = unsigned32;

// Fixed-size structures, copied as raw bytes. The sizes are written out by
// hand, so each one has to stay equal to sizeof of the C type it stands for
// on both the client and the server side.

// 4 bytes, seen by C code as ClientSetupInfo.
type SetupInfo = struct[4] of uint8_t
    ctype: ClientSetupInfo;

// 9*4 = 36 bytes, seen by C code as CSSM_CONTEXT. On the server the incoming
// value goes through inTrans to become a Context.
type Context = struct [9*4] of uint8_t
    ctype: CSSM_CONTEXT
    intran: Context inTrans(CSSM_CONTEXT);

// Variable-length attribute data that travels with a Context; only the
// server side uses the ContextAttributesPointer C type.
type ContextAttributes = array [] of char
    cservertype: ContextAttributesPointer;

// 23*4 = 92 bytes of key header.
type CssmKeyHeader = struct [23*4] of uint8_t;

// (23+2)*4 = 100 bytes: the header size plus two more 32-bit words.
// NOTE(review): the two extra words presumably hold the key data length and
// pointer of CSSM_KEY; a pointer value received from the peer means nothing
// in the receiving address space - confirm inTrans/outTrans ignore or
// rewrite it instead of using it.
type CssmKey = struct [(23+2)*4] of uint8_t
    ctype: CSSM_KEY
    intran: CssmKey inTrans(CSSM_KEY)
    outtran: CSSM_KEY outTrans(CssmKey);

// NOTE(review): this type and DBParameters below use uint32_t elements with
// the same N*4 count that the byte-typed structs above use. If the count was
// meant in bytes, the declared wire size is four times the C struct size -
// verify against sizeof before relying on it.
type CSSM_KEY_SIZE = struct [2*4] of uint32_t
    ctype: CSSM_KEY_SIZE;

type DBParameters = struct [1*4] of uint32_t;

// Flattened AuthorizationItemSet, passed with a companion base value like
// the other Blob/Ptr pairs. The same validation concern applies: embedded
// pointers and lengths must be checked against the received blob length.
type AuthorizationItemSetBlob = Data
    ctype: AuthorizationItemSetPtr;
type AuthorizationItemSetPtr = BasePointer;

// Fixed-size opaque references to an authorization.
// NOTE(review): the external form exists to be handed to another party and
// turned back into an AuthorizationBlob (see authorizationInternalize);
// presumably possession is what grants access, so it should be treated as a
// secret - confirm how the server generates and checks it.
type AuthorizationBlob = struct [8] of uint8_t;             // 8 opaque bytes
type AuthorizationExternalForm = struct [32] of uint8_t;    // 32 opaque bytes

// Bounded C strings: variable length on the wire, with the upper bound
// given after the colon (64+4 and 1024 bytes).
type CssmString = c_string[*:64+4];
type AuthorizationString = c_string[*:1024];

// Scalar types. All of the unsigned ones are plain 32-bit integers, so any
// value in that range can arrive; range and flag checks are up to the server.
type CSSM_RETURN = int32;
type CSSM_ALGORITHMS = unsigned32;
type CSSM_ACL_EDIT_MODE = unsigned32;
type CSSM_ACL_HANDLE = unsigned32;
type AclKind = unsigned32;
type uint32 = unsigned32;
type SecuritySessionId = unsigned32;
type SessionAttributeBits = unsigned32;
type SessionCreationFlags = unsigned32;

// Path string of at most 2048 bytes, supplied by the caller.
type ExecutablePath = c_string[*:2048];

//
// Common argument profiles
//

// UCSP_PORTS opens every routine:
//   sport        request port the message was sent to
//   rport        reply port (make-send disposition)
//   sourceAudit  audit token of the sender; serveraudittoken makes MIG hand
//                the token from the message trailer to the server routine,
//                so it is not an argument the client fills in
//   rcode        CSSM result code returned to the caller
// The audit token is the only caller identity in this interface that does
// not come from client-supplied message content.
#define UCSP_PORTS requestport sport: mach_port_t; \
                   replyport rport: mach_port_make_send_t; \
                   serveraudittoken sourceAudit: audit_token_t; \
                   out rcode: CSSM_RETURN

// IN_CONTEXT passes a crypto context as three arguments: the fixed-size
// Context, a base pointer value, and the variable-length attribute data.
#define IN_CONTEXT in context: Context; in contextBase: BasePointer; in attrs: ContextAttributes

// IN_BLOB / OUT_BLOB pass a flattened structure as two arguments: the blob
// itself (name, of type <type>Blob) and its base value (nameBase, of type
// <type>Ptr).
#define IN_BLOB(name,type) in name: type##Blob; in name##Base: type##Ptr
#define OUT_BLOB(name,type) out name: type##Blob; out name##Base: type##Ptr

//
// Management and administrative functions
//

// Connection setup. The client hands over a port right (tport), a 4-byte
// SetupInfo and a path string.
// NOTE(review): executablePath is written by the caller and proves nothing
// about which program is running; confirm the server checks it against the
// process identified by sourceAudit before using it in any access decision.
routine setup(
    UCSP_PORTS;
    in tport: mach_port_t;
    in info: SetupInfo;
    in executablePath: ExecutablePath);

// Same inputs as setup, and additionally returns a send right to a new
// service port.
routine setupNew(
    UCSP_PORTS;
    in tport: mach_port_t;
    in info: SetupInfo;
    in executablePath: ExecutablePath;
    out newServicePort: mach_port_make_send_t);

// Per-thread setup: passes only a port right.
routine setupThread(
    UCSP_PORTS;
    in tport: mach_port_t);

// Ends the connection; takes no arguments beyond the common ports.
routine teardown(UCSP_PORTS);

//
// Database management
//
// Every DbHandle below is a caller-supplied 32-bit number, and every
// AccessCredentials / AclEntryPrototype / DLDbIdent argument is a flattened
// blob with a base value. Both need validation on the server side before use.
//

// Creates a database and returns its handle.
routine createDb(
    UCSP_PORTS;
    out db: DbHandle;
    IN_BLOB(ident,DLDbIdent);
    IN_BLOB(accessCredentials,AccessCredentials);
    IN_BLOB(aclEntryPrototype,AclEntryPrototype);
    in params: DBParameters);

// Turns an encoded database blob into a handle.
// NOTE(review): the blob comes from the client; confirm the server
// authenticates its contents before trusting any field in it.
routine decodeDb(
    UCSP_PORTS;
    out db: DbHandle;
    IN_BLOB(ident,DLDbIdent);
    IN_BLOB(accessCredentials,AccessCredentials);
    in blob: DbBlob);

// Returns the encoded blob for a database handle.
routine encodeDb(
    UCSP_PORTS;
    in db: DbHandle;
    out blob: DbBlob);

routine releaseDb(
    UCSP_PORTS;
    in db: DbHandle);

routine authenticateDb(
    UCSP_PORTS;
    in db: DbHandle;
    IN_BLOB(accessCredentials,AccessCredentials));

routine setDbParameters(
    UCSP_PORTS;
    in db: DbHandle;
    in params: DBParameters);

routine getDbParameters(
    UCSP_PORTS;
    in db: DbHandle;
    out params: DBParameters);

routine changePassphrase(
    UCSP_PORTS;
    in db: DbHandle;
    IN_BLOB(accessCredentials,AccessCredentials));

routine lockDb(
    UCSP_PORTS;
    in db: DbHandle);

// Takes no handle; forSleep is a caller-supplied flag.
routine lockAll(
    UCSP_PORTS;
    in forSleep: boolean_t);

routine unlockDb(
    UCSP_PORTS;
    in db: DbHandle);

// The passphrase travels as raw bytes inside the Mach message.
// NOTE(review): confirm both client and server clear their copies of the
// buffer after use, and that failed attempts are rate-limited or logged.
routine unlockDbWithPassphrase(
    UCSP_PORTS;
    in db: DbHandle;
    in passPhrase: Data);

routine isLocked(
    UCSP_PORTS;
    in db: DbHandle;
    out locked: boolean_t);

//
// Key management
//
// Keys are referred to by KeyHandle, a caller-supplied 32-bit number.
//

// Returns the encoded blob for a key handle; uid is an additional output
// requested through wantUid.
routine encodeKey(
    UCSP_PORTS;
    in key: KeyHandle;
    out blob: KeyBlob;
    in wantUid: boolean_t;
    out uid: Data);

// Turns a client-supplied key blob into a handle and returns the key header.
// NOTE(review): confirm the server authenticates the blob before use.
routine decodeKey(
    UCSP_PORTS;
    out key: KeyHandle;
    out header: CssmKeyHeader;
    in db: DbHandle;
    in blob: KeyBlob);

routine releaseKey(
    UCSP_PORTS;
    in key: KeyHandle);

routine queryKeySizeInBits(
    UCSP_PORTS;
    in key: KeyHandle;
    out length: CSSM_KEY_SIZE);

// inputSize is a caller-chosen 32-bit value; the result is also 32 bits.
routine getOutputSize(
    UCSP_PORTS;
    IN_CONTEXT;
    in key: KeyHandle;
    in inputSize: uint32;
    in encrypt: boolean_t;
    out outputSize: uint32);

routine getKeyDigest(
    UCSP_PORTS;
    in key: KeyHandle;
    out digest: Data);

//
// Random numbers
//

// Returns random data; the caller chooses the byte count as a 32-bit value.
// NOTE(review): confirm the server caps the count, since it sizes the reply
// buffer from this number.
routine generateRandom(
    UCSP_PORTS;
    in bytes: uint32;
    out data: Data);

//
// Cryptographic operations
//
// Each operation takes a crypto context (IN_CONTEXT) and one or more key
// handles. Inputs and outputs are variable-length Data whose lengths are set
// by the sender. Routines that create keys also take access credentials and
// an ACL entry prototype as flattened blobs.
//

routine generateSignature(
    UCSP_PORTS;
    IN_CONTEXT;
    in key: KeyHandle;
    in signOnlyAlgorithm: CSSM_ALGORITHMS;
    in data: Data;
    out signature: Data);

// Verification has no output besides rcode.
routine verifySignature(
    UCSP_PORTS;
    IN_CONTEXT;
    in key: KeyHandle;
    in signOnlyAlgorithm: CSSM_ALGORITHMS;
    in data: Data;
    in signature: Data);

routine generateMac(
    UCSP_PORTS;
    IN_CONTEXT;
    in key: KeyHandle;
    in data: Data;
    out signature: Data);

routine verifyMac(
    UCSP_PORTS;
    IN_CONTEXT;
    in key: KeyHandle;
    in data: Data;
    in signature: Data);

routine encrypt(
    UCSP_PORTS;
    IN_CONTEXT;
    in key: KeyHandle;
    in clear: Data;
    out cipher: Data);

routine decrypt(
    UCSP_PORTS;
    IN_CONTEXT;
    in key: KeyHandle;
    in cipher: Data;
    out clear: Data);

// keyUsage and keyAttrs are caller-supplied 32-bit values.
routine generateKey(
    UCSP_PORTS;
    in db: DbHandle;
    IN_CONTEXT;
    IN_BLOB(accessCredentials,AccessCredentials);
    IN_BLOB(aclEntryPrototype,AclEntryPrototype);
    in keyUsage: uint32;
    in keyAttrs: uint32;
    out key: KeyHandle;
    out header: CssmKeyHeader);

routine generateKeyPair(
    UCSP_PORTS;
    in db: DbHandle;
    IN_CONTEXT;
    IN_BLOB(accessCredentials,AccessCredentials);
    IN_BLOB(aclEntryPrototype,AclEntryPrototype);
    in pubUsage: uint32;
    in pubAttrs: uint32;
    in privUsage: uint32;
    in privAttrs: uint32;
    out pubKey: KeyHandle;
    out pubHeader: CssmKeyHeader;
    out privKey: KeyHandle;
    out privHeader: CssmKeyHeader);

// Derivation parameters go in as a flattened blob and come back as Data.
routine deriveKey(
    UCSP_PORTS;
    in db: DbHandle;
    IN_CONTEXT;
    in baseKey: KeyHandle;
    IN_BLOB(accessCredentials,AccessCredentials);
    IN_BLOB(aclEntryPrototype,AclEntryPrototype);
    IN_BLOB(paramInput,ParamInput);
    out paramOutput: Data;
    in keyUsage: uint32;
    in keyAttrs: uint32;
    out key: KeyHandle;
    out header: CssmKeyHeader);

// The wrapped key leaves the server as a CssmKey structure plus separate
// key bytes (wrappedKeyData).
// NOTE(review): this is the path by which key material is exported to the
// client; confirm the ACL and the extractability attributes of
// keyToBeWrapped are enforced on the server.
routine wrapKey(
    UCSP_PORTS;
    IN_CONTEXT;
    in key: KeyHandle;
    IN_BLOB(accessCredentials,AccessCredentials);
    in keyToBeWrapped: KeyHandle;
    in data: Data;
    out wrappedKey: CssmKey;
    out wrappedKeyData: Data);

// The wrapped key arrives as a client-built CssmKey plus separate key bytes.
// NOTE(review): every header field in wrappedKey is attacker-controllable;
// confirm the server validates it and takes the key bytes only from
// wrappedKeyData.
routine unwrapKey(
    UCSP_PORTS;
    in db: DbHandle;
    IN_CONTEXT;
    in key: KeyHandle;
    IN_BLOB(accessCredentials,AccessCredentials);
    IN_BLOB(aclEntryPrototype,AclEntryPrototype);
    in publicKey: KeyHandle;
    in wrappedKey: CssmKey;
    in wrappedKeyData: Data;
    in usage: uint32;
    in attributes: uint32;
    out data: Data;
    out resultKey: KeyHandle;
    out header: CssmKeyHeader);

//
// ACL management
//
// kind selects what the handle argument refers to; the handle parameter is
// named key but is an ordinary 32-bit handle value.
// NOTE(review): confirm the server checks kind before interpreting the
// handle, so a handle of one kind cannot be used as another.
//

// The two out arguments are the hand-written form of a blob/base pair.
routine getOwner(
    UCSP_PORTS;
    in kind: AclKind;
    in key: KeyHandle;
    out proto: AclOwnerPrototypeBlob;
    out protoBase: AclOwnerPrototypePtr);

routine setOwner(
    UCSP_PORTS;
    in kind: AclKind;
    in key: KeyHandle;
    IN_BLOB(accessCredentials,AccessCredentials);
    IN_BLOB(aclOwnerPrototype,AclOwnerPrototype));

// Takes no credentials argument. tag is only meaningful when haveTag is set,
// judging by the parameter names. Returns an entry count with the blob.
routine getAcl(
    UCSP_PORTS;
    in kind: AclKind;
    in key: KeyHandle;
    in haveTag: boolean_t;
    in tag: CssmString;
    out count: uint32;
    out acls: AclEntryInfoBlob;
    out aclsBase: AclEntryInfoPtr);

// mode and handle are caller-supplied 32-bit values.
routine changeAcl(
    UCSP_PORTS;
    in kind: AclKind;
    in key: KeyHandle;
    IN_BLOB(accessCredentials,AccessCredentials);
    in mode: CSSM_ACL_EDIT_MODE;
    in handle: CSSM_ACL_HANDLE;
    IN_BLOB(aclEntryInput,AclEntryInput));

//
// Authorization subsystem
//
// Rights and environment are flattened AuthorizationItemSet blobs built by
// the client; the authorization itself is an 8-byte opaque value.
//

routine authorizationCreate(
    UCSP_PORTS;
    IN_BLOB(rights,AuthorizationItemSet);
    in flags: uint32;
    IN_BLOB(environment,AuthorizationItemSet);
    out authorization: AuthorizationBlob);

routine authorizationRelease(
    UCSP_PORTS;
    in authorization: AuthorizationBlob;
    in flags: uint32);

routine authorizationCopyRights(
    UCSP_PORTS;
    in authorization: AuthorizationBlob;
    IN_BLOB(rights,AuthorizationItemSet);
    in flags: uint32;
    IN_BLOB(environment,AuthorizationItemSet);
    OUT_BLOB(result,AuthorizationItemSet));

routine authorizationCopyInfo(
    UCSP_PORTS;
    in authorization: AuthorizationBlob;
    in tag: AuthorizationString;
    OUT_BLOB(info,AuthorizationItemSet));

// Converts between the 8-byte blob and the 32-byte external form.
// NOTE(review): internalize accepts 32 bytes from any caller; confirm the
// server rejects forms it did not issue and that the forms are not guessable.
routine authorizationExternalize(
    UCSP_PORTS;
    in authorization: AuthorizationBlob;
    out form: AuthorizationExternalForm);

routine authorizationInternalize(
    UCSP_PORTS;
    in form: AuthorizationExternalForm;
    out authorization: AuthorizationBlob);

//
// Session management subsystem
//

// sessionId is inout: the caller passes an id and receives one back, along
// with the attribute bits.
// NOTE(review): the caller can name any session id; confirm what the server
// discloses about sessions other than the one sourceAudit belongs to.
routine getSessionInfo(
    UCSP_PORTS;
    inout sessionId: SecuritySessionId;
    out attrs: SessionAttributeBits);

// flags and attrs are caller-supplied bit sets.
routine setupSession(
    UCSP_PORTS;
    in flags: SessionCreationFlags;
    in attrs: SessionAttributeBits);

//
// Notification subsystem
//

// The client passes a port right (receiver) plus 32-bit domain and event
// selectors.
routine requestNotification(
    UCSP_PORTS;
    in receiver: mach_port_t;
    in domain: uint32;
    in events: uint32);

routine stopNotification(
    UCSP_PORTS;
    in receiver: mach_port_t);

// Carries caller-supplied data for a domain and event; there is no
// credential argument.
// NOTE(review): confirm the server restricts which callers may post to
// which domains, and that receivers treat the data as untrusted.
routine postNotification(
    UCSP_PORTS;
    in domain: uint32;
    in event: uint32;
    in data: Data);

//
// Database key management
//

// Takes two database handles (db and sourceDb) and returns a key handle and
// header, with the same credential and ACL prototype blobs as key generation.
// NOTE(review): going by the name this yields a database master key; confirm
// the server demands credentials for sourceDb and limits the usage and
// attribute bits of the resulting key.
routine extractMasterKey(
    UCSP_PORTS;
    in db: DbHandle;
    IN_CONTEXT;
    in sourceDb: DbHandle;
    IN_BLOB(accessCredentials,AccessCredentials);
    IN_BLOB(aclEntryPrototype,AclEntryPrototype);
    in keyUsage: uint32;
    in keyAttrs: uint32;
    out key: KeyHandle;
    out header: CssmKeyHeader);

// Takes only a handle; there is no credentials argument.
routine getDbIndex(
    UCSP_PORTS;
    in db: DbHandle;
    out index: Data);

//
// AuthorizationDB operations
//
// Reading a right definition takes no authorization argument; setting and
// removing one both require an AuthorizationBlob.
//

routine authorizationdbGet(
    UCSP_PORTS;
    in rightname: AuthorizationString;
    out rightdefinition: Data);

// rightDefinition is variable-length data written by the caller.
// NOTE(review): confirm the server parses it defensively and checks that the
// authorization actually covers modifying this right.
routine authorizationdbSet(
    UCSP_PORTS;
    in authorization: AuthorizationBlob;
    in rightname: AuthorizationString;
    in rightDefinition: Data);

routine authorizationdbRemove(
    UCSP_PORTS;
    in authorization: AuthorizationBlob;
    in rightname: AuthorizationString);

//
// Miscellaneous administrative calls
//
// None of these routines takes an authorization or credentials argument, so
// the only caller identity available to the server is sourceAudit.
// NOTE(review): confirm each one is gated on the audit token (for example
// on the caller uid), in particular when forSystem is set.
//

// oldCode and newCode are caller-supplied byte strings, name a caller-supplied path.
routine addCodeEquivalence(
    UCSP_PORTS;
    in oldCode: Data;
    in newCode: Data;
    in name: ExecutablePath;
    in forSystem: boolean_t);

routine removeCodeEquivalence(
    UCSP_PORTS;
    in code: Data;
    in name: ExecutablePath;
    in forSystem: boolean_t);

// Takes a caller-supplied path of at most 2048 bytes.
routine setAlternateSystemRoot(
    UCSP_PORTS;
    in path: ExecutablePath);