2 * Copyright (c) 2002-2011,2013 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
27 #ifndef _SECURITY_KEYITEM_H_
28 #define _SECURITY_KEYITEM_H_
30 #include <security_keychain/Item.h>
31 #include <Security/SecKeyPriv.h>
36 namespace KeychainCore
39 class KeyItem
: public ItemImpl
43 SECCFFUNCTIONS_BASE(KeyItem
, SecKeyRef
)
45 // SecKeyRef is now provided by iOS implementation, so we have to hack standard accessors normally defined by
46 // SECCFUNCTIONS macro to retarget SecKeyRef to foreign object instead of normal way through SecCFObject.
47 static KeyItem
*required(SecKeyRef ptr
);
48 static KeyItem
*optional(SecKeyRef ptr
);
49 operator CFTypeRef() const _NOEXCEPT
;
50 static SecCFObject
*fromSecKeyRef(CFTypeRef ref
);
51 void attachSecKeyRef() const;
52 void initializeWithSecKeyRef(SecKeyRef ref
);
55 // This weak backpointer to owning SecKeyRef instance (which is created by iOS SecKey code).
56 mutable SecKeyRef mWeakSecKeyRef
;
58 // db item constructor
60 KeyItem(const Keychain
&keychain
, const PrimaryKey
&primaryKey
, const CssmClient::DbUniqueRecord
&uniqueId
);
62 // PrimaryKey item constructor
63 KeyItem(const Keychain
&keychain
, const PrimaryKey
&primaryKey
);
66 static KeyItem
* make(const Keychain
&keychain
, const PrimaryKey
&primaryKey
, const CssmClient::DbUniqueRecord
&uniqueId
);
67 static KeyItem
* make(const Keychain
&keychain
, const PrimaryKey
&primaryKey
);
69 KeyItem(KeyItem
&keyItem
);
71 KeyItem(const CssmClient::Key
&key
);
75 virtual void update();
76 virtual Item
copyTo(const Keychain
&keychain
, Access
*newAccess
= NULL
);
77 virtual Item
importTo(const Keychain
&keychain
, Access
*newAccess
= NULL
, SecKeychainAttributeList
*attrList
= NULL
);
78 virtual void didModify();
80 CssmClient::SSDbUniqueRecord
ssDbUniqueRecord();
81 CssmClient::Key
&key();
82 CssmClient::CSP
csp();
84 // Returns the header of the unverified key (without checking integrity). This will skip ACL checks, but don't trust the data very much.
85 // Can't return a reference, because maybe the unverified key will get released upon return.
86 CssmKey::Header
unverifiedKeyHeader();
88 const CSSM_X509_ALGORITHM_IDENTIFIER
& algorithmIdentifier();
89 unsigned int strengthInBits(const CSSM_X509_ALGORITHM_IDENTIFIER
*algid
);
90 CssmClient::Key
publicKey();
92 const AccessCredentials
*getCredentials(
93 CSSM_ACL_AUTHORIZATION_TAG operation
,
94 SecCredentialType credentialType
);
96 bool operator == (KeyItem
&other
);
98 static void createPair(
100 CSSM_ALGORITHMS algorithm
,
101 uint32 keySizeInBits
,
102 CSSM_CC_HANDLE contextHandle
,
103 CSSM_KEYUSE publicKeyUsage
,
104 uint32 publicKeyAttr
,
105 CSSM_KEYUSE privateKeyUsage
,
106 uint32 privateKeyAttr
,
107 SecPointer
<Access
> initialAccess
,
108 SecPointer
<KeyItem
> &outPublicKey
,
109 SecPointer
<KeyItem
> &outPrivateKey
);
111 static void importPair(
113 const CSSM_KEY
&publicCssmKey
,
114 const CSSM_KEY
&privateCssmKey
,
115 SecPointer
<Access
> initialAccess
,
116 SecPointer
<KeyItem
> &outPublicKey
,
117 SecPointer
<KeyItem
> &outPrivateKey
);
119 static SecPointer
<KeyItem
> generate(
121 CSSM_ALGORITHMS algorithm
,
122 uint32 keySizeInBits
,
123 CSSM_CC_HANDLE contextHandle
,
124 CSSM_KEYUSE keyUsage
,
126 SecPointer
<Access
> initialAccess
);
128 static SecPointer
<KeyItem
> generateWithAttributes(
129 const SecKeychainAttributeList
*attrList
,
131 CSSM_ALGORITHMS algorithm
,
132 uint32 keySizeInBits
,
133 CSSM_CC_HANDLE contextHandle
,
134 CSSM_KEYUSE keyUsage
,
136 SecPointer
<Access
> initialAccess
);
138 virtual const CssmData
&itemID();
140 virtual CFHashCode
hash();
142 virtual void setIntegrity(bool force
= false);
143 virtual bool checkIntegrity();
145 // Call this function to remove the integrity and partition_id ACLs from
146 // this item. You're not supposed to be able to do this, so force the issue
147 // by providing credentials to this keychain.
148 virtual void removeIntegrity(const AccessCredentials
*cred
);
150 static void modifyUniqueId(Keychain keychain
, SSDb ssDb
, DbUniqueRecord
& uniqueId
, DbAttributes
& newDbAttributes
, CSSM_DB_RECORDTYPE recordType
);
153 virtual PrimaryKey
add(Keychain
&keychain
);
155 CssmClient::Key
unverifiedKey();
157 CssmClient::Key mKey
;
158 const CSSM_X509_ALGORITHM_IDENTIFIER
*algid
;
159 CssmAutoData mPubKeyHash
;
160 CssmClient::Key mPublicKey
;
163 } // end namespace KeychainCore
165 } // end namespace Security
167 class CDSASecKey
: public __SecKey
{
169 static Security::KeychainCore::KeyItem
*keyItem(SecKeyRef key
) {
170 CDSASecKey
*cdsaKey
= static_cast<CDSASecKey
*>(key
);
171 return static_cast<Security::KeychainCore::KeyItem
*>(cdsaKey
->key
);
173 SecCredentialType credentialType
;
177 #endif // !_SECURITY_KEYITEM_H_
projects / apple / security.git / blob