SecurityServer/ucsp.defs

   1 //
   2 // ucsp.defs - Mach RPC interface between SecurityServer and its clients
   3 //
   4 #include <mach/std_types.defs>
   5 #include <mach/mach_types.defs>
   6
   7 subsystem ucsp 1000;
   8 serverprefix ucsp_server_;
   9 userprefix ucsp_client_;
  10
  11 import "securityserver.h";
  12 import "ucsp_types.h";
  13
  14
  15 //
  16 // Data types
  17 //
  18 type Data = array [] of char;
  19
  20 type KeyHandle = unsigned32;
  21 type KeyBlob = Data
  22         ctype: Pointer;
  23
  24 type DbHandle = unsigned32;
  25 type DbBlob = Data
  26         ctype: Pointer;
  27
  28 type AclEntryPrototypeBlob = Data
  29         ctype: AclEntryPrototypePtr;
  30 type AclEntryPrototypePtr = unsigned32;
  31
  32 type AclEntryInfoBlob = Data
  33         ctype: AclEntryInfoPtr;
  34 type AclEntryInfoPtr = unsigned32;
  35
  36 type AclOwnerPrototypeBlob = Data
  37         ctype: AclOwnerPrototypePtr;
  38 type AclOwnerPrototypePtr = unsigned32;
  39
  40 type AccessCredentialsBlob = Data
  41         ctype: AccessCredentialsPtr;
  42 type AccessCredentialsPtr = unsigned32;
  43
  44 type DLDbIdentBlob = Data
  45     ctype: DLDbIdentPtr;
  46 type DLDbIdentPtr = unsigned32;
  47
  48 type Context = struct [9] of unsigned32
  49         ctype: CSSM_CONTEXT
  50         intran: Context inTrans(CSSM_CONTEXT);
  51 type ContextAttributes = array [] of char
  52         cservertype: ContextAttributesPointer;
  53
  54 type CssmKeyHeader = struct [23] of unsigned32;
  55
  56 type CssmKey = struct [23+2] of unsigned32
  57         ctype: CSSM_KEY
  58         intran: CssmKey inTrans(CSSM_KEY)
  59         outtran: CSSM_KEY outTrans(CssmKey);
  60
  61 type DBParameters = struct [1] of unsigned32;
  62
  63 type AuthorizationItemSetBlob = Data
  64         ctype: AuthorizationItemSetPtr;
  65 type AuthorizationItemSetPtr = unsigned32;
  66
  67 type AuthorizationBlob = struct [2] of unsigned32;                              // 8 opaque bytes
  68 type AuthorizationExternalForm = struct [8] of unsigned32;              // 32 opaque bytes
  69
  70 type CssmString = c_string[*:64+4];
  71 type AuthorizationString = c_string[*:1024];
  72 type CSSM_RETURN = int32;
  73 type CSSM_ALGORITHMS = unsigned32;
  74 type CSSM_ACL_EDIT_MODE = unsigned32;
  75 type CSSM_ACL_HANDLE = unsigned32;
  76 type AclKind = unsigned32;
  77 type uint32 = unsigned32;
  78 type SecuritySessionId = unsigned32;
  79 type SessionAttributeBits = unsigned32;
  80 type SessionCreationFlags = unsigned32;
  81
  82 type Pointer = unsigned32;
  83
  84 type ExecutablePath = c_string[*:2048];
  85
  86
  87 //
  88 // Common argument profiles
  89 //
  90 #define UCSP_PORTS      requestport sport: mach_port_t; \
  91                                         replyport rport: mach_port_make_send_t; \
  92                     serversectoken sourceSecurity: security_token_t; \
  93                                         out rcode: CSSM_RETURN
  94 #define IN_CONTEXT      in context: Context; in contextBase: Pointer; in attrs: ContextAttributes
  95 #define IN_BLOB(name,type)      in name: type##Blob; in name##Base: type##Ptr
  96 #define OUT_BLOB(name,type)     out name: type##Blob; out name##Base: type##Ptr
  97
  98
  99 //
 100 // Management and administrative functions
 101 //
 102 routine setup(UCSP_PORTS; in tport: mach_port_t; in executablePath: ExecutablePath);
 103 routine teardown(UCSP_PORTS);
 104
 105
 106 //
 107 // Database management
 108 //
 109 routine createDb(UCSP_PORTS; out db: DbHandle; IN_BLOB(ident,DLDbIdent);
 110     IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
 111     in params: DBParameters);
 112 routine decodeDb(UCSP_PORTS; out db: DbHandle; IN_BLOB(ident,DLDbIdent);
 113     IN_BLOB(accessCredentials,AccessCredentials); in blob: DbBlob);
 114 routine encodeDb(UCSP_PORTS; in db: DbHandle; out blob: DbBlob);
 115 routine releaseDb(UCSP_PORTS; in db: DbHandle);
 116 routine authenticateDb(UCSP_PORTS; in db: DbHandle; IN_BLOB(accessCredentials,AccessCredentials));
 117 routine setDbParameters(UCSP_PORTS; in db: DbHandle; in params: DBParameters);
 118 routine getDbParameters(UCSP_PORTS; in db: DbHandle; out params: DBParameters);
 119 routine changePassphrase(UCSP_PORTS; in db: DbHandle;
 120         IN_BLOB(accessCredentials,AccessCredentials));
 121 routine lockDb(UCSP_PORTS; in db: DbHandle);
 122 routine unlockDb(UCSP_PORTS; in db: DbHandle);
 123 routine unlockDbWithPassphrase(UCSP_PORTS; in db: DbHandle; in passPhrase: Data);
 124 routine isLocked(UCSP_PORTS; in db: DbHandle; out locked: boolean_t);
 125
 126
 127 //
 128 // Key management
 129 //
 130 routine encodeKey(UCSP_PORTS; in key: KeyHandle; out blob: KeyBlob;
 131     in wantUid: boolean_t; out uid: Data);
 132 routine decodeKey(UCSP_PORTS; out key: KeyHandle; out header: CssmKeyHeader;
 133     in db: DbHandle; in blob: KeyBlob);
 134 routine releaseKey(UCSP_PORTS; in key: KeyHandle);
 135
 136
 137 //
 138 // Random numbers
 139 //
 140 routine generateRandom(UCSP_PORTS; in bytes: uint32; out data: Data);
 141
 142
 143 //
 144 // Cryptographic operations
 145 //
 146 routine generateSignature(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
 147         in data: Data; out signature: Data);
 148 routine verifySignature(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
 149         in data: Data; in signature: Data);
 150 routine generateMac(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
 151         in data: Data; out signature: Data);
 152 routine verifyMac(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
 153         in data: Data; in signature: Data);
 154
 155 routine encrypt(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; in clear: Data; out cipher: Data);
 156 routine decrypt(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle; in cipher: Data; out clear: Data);
 157
 158 routine generateKey(UCSP_PORTS; in db: DbHandle; IN_CONTEXT;
 159         IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
 160         in keyUsage: uint32; in keyAttrs: uint32; out key: KeyHandle; out header: CssmKeyHeader);
 161 routine generateKeyPair(UCSP_PORTS; in db: DbHandle; IN_CONTEXT;
 162         IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
 163         in pubUsage: uint32; in pubAttrs: uint32; in privUsage: uint32; in privAttrs: uint32;
 164         out pubKey: KeyHandle; out pubHeader: CssmKeyHeader;
 165     out privKey: KeyHandle; out privHeader: CssmKeyHeader);
 166
 167 routine wrapKey(UCSP_PORTS; IN_CONTEXT; in key: KeyHandle;
 168     IN_BLOB(accessCredentials,AccessCredentials); in keyToBeWrapped: KeyHandle;
 169         in data: Data; out wrappedKey: CssmKey; out wrappedKeyData: Data);
 170 routine unwrapKey(UCSP_PORTS; in db: DbHandle; IN_CONTEXT; in key: KeyHandle;
 171         IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclEntryPrototype,AclEntryPrototype);
 172         in publicKey: KeyHandle; in wrappedKey: CssmKey; in wrappedKeyData: Data;
 173         in usage: uint32; in attributes: uint32; out data: Data;
 174     out resultKey: KeyHandle; out header: CssmKeyHeader);
 175
 176
 177 //
 178 // ACL management
 179 //
 180 routine getOwner(UCSP_PORTS; in kind: AclKind; in key: KeyHandle;
 181         out proto: AclOwnerPrototypeBlob; out protoBase: AclOwnerPrototypePtr);
 182 routine setOwner(UCSP_PORTS; in kind: AclKind; in key: KeyHandle;
 183         IN_BLOB(accessCredentials,AccessCredentials); IN_BLOB(aclOwnerPrototype,AclOwnerPrototype));
 184 routine getAcl(UCSP_PORTS; in kind: AclKind; in key: KeyHandle;
 185         in haveTag: boolean_t; in tag: CssmString;
 186         out count: uint32; out acls: AclEntryInfoBlob; out aclsBase: AclEntryInfoPtr);
 187 routine changeAcl(UCSP_PORTS; in kind: AclKind; in key: KeyHandle;
 188         IN_BLOB(accessCredentials,AccessCredentials);
 189         in mode: CSSM_ACL_EDIT_MODE; in handle: CSSM_ACL_HANDLE;
 190         IN_BLOB(aclEntryPrototype,AclEntryPrototype));
 191
 192
 193 //
 194 // Authorization subsystem
 195 //
 196 routine authorizationCreate(UCSP_PORTS; IN_BLOB(rights,AuthorizationItemSet);
 197         in flags: uint32;
 198         IN_BLOB(environment,AuthorizationItemSet);
 199         out authorization: AuthorizationBlob);
 200
 201 routine authorizationRelease(UCSP_PORTS; in authorization: AuthorizationBlob;
 202         in flags: uint32);
 203
 204 routine authorizationCopyRights(UCSP_PORTS; in authorization: AuthorizationBlob;
 205         IN_BLOB(rights,AuthorizationItemSet); in flags: uint32;
 206         IN_BLOB(environment,AuthorizationItemSet);
 207         OUT_BLOB(result,AuthorizationItemSet));
 208
 209 routine authorizationCopyInfo(UCSP_PORTS; in authorization: AuthorizationBlob;
 210         in tag: AuthorizationString;
 211         OUT_BLOB(info,AuthorizationItemSet));
 212
 213 routine authorizationExternalize(UCSP_PORTS; in authorization: AuthorizationBlob;
 214         out form: AuthorizationExternalForm);
 215
 216 routine authorizationInternalize(UCSP_PORTS; in form: AuthorizationExternalForm;
 217         out authorization: AuthorizationBlob);
 218
 219
 220 //
 221 // Session management subsystem
 222 //
 223 routine getSessionInfo(UCSP_PORTS; inout sessionId: SecuritySessionId;
 224     out attrs: SessionAttributeBits);
 225
 226 routine setupSession(UCSP_PORTS; in flags: SessionCreationFlags; in attrs: SessionAttributeBits);