]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_apple_csp/lib/AppleCSPSession.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57740.1.18.tar.gz
[apple/security.git] / OSX / libsecurity_apple_csp / lib / AppleCSPSession.h
1 /*
2 * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // AppleCSPSession.h - top-level session class
21 //
22 #ifndef _APPLE_CSP_SESSION_H_
23 #define _APPLE_CSP_SESSION_H_
24
25 #include <security_cdsa_plugin/cssmplugin.h>
26 #include <security_cdsa_plugin/pluginsession.h>
27 #include <security_cdsa_plugin/CSPsession.h>
28 #include <security_utilities/threading.h>
29 #include "BinaryKey.h"
30 #include "AppleCSPUtils.h"
31
32 class CSPKeyInfoProvider;
33
34 /* avoid unnecessary includes.... */
35 class AppleCSPPlugin;
36 #ifdef BSAFE_CSP_ENABLE
37 class BSafeFactory;
38 #endif
39 #ifdef CRYPTKIT_CSP_ENABLE
40 class CryptKitFactory;
41 #endif
42 class MiscAlgFactory;
43 #ifdef ASC_CSP_ENABLE
44 class AscAlgFactory;
45 #endif
46 class RSA_DSA_Factory;
47 class DH_Factory;
48
49 /* one per attach/detach */
50 class AppleCSPSession : public CSPFullPluginSession {
51 public:
52
53 AppleCSPSession(
54 CSSM_MODULE_HANDLE handle,
55 AppleCSPPlugin &plug,
56 const CSSM_VERSION &Version,
57 uint32 SubserviceID,
58 CSSM_SERVICE_TYPE SubServiceType,
59 CSSM_ATTACH_FLAGS AttachFlags,
60 const CSSM_UPCALLS &upcalls);
61
62 ~AppleCSPSession();
63
64 CSPContext *contextCreate(
65 CSSM_CC_HANDLE handle,
66 const Context &context);
67 void setupContext(
68 CSPContext * &cspCtx,
69 const Context &context,
70 bool encoding);
71
72 // Functions declared in CSPFullPluginSession which we override.
73
74 // Free a key. If this is a reference key
75 // we generated, remove it from refKeyMap.
76 void FreeKey(const AccessCredentials *AccessCred,
77 CssmKey &KeyPtr,
78 CSSM_BOOL Delete);
79
80 void UnwrapKey(CSSM_CC_HANDLE CCHandle,
81 const Context &Context,
82 const CssmKey *PublicKey,
83 const CssmKey &WrappedKey,
84 uint32 KeyUsage,
85 uint32 KeyAttr,
86 const CssmData *KeyLabel,
87 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
88 CssmKey &UnwrappedKey,
89 CssmData &DescriptiveData,
90 CSSM_PRIVILEGE Privilege);
91 void WrapKey(CSSM_CC_HANDLE CCHandle,
92 const Context &Context,
93 const AccessCredentials &AccessCred,
94 const CssmKey &Key,
95 const CssmData *DescriptiveData,
96 CssmKey &WrappedKey,
97 CSSM_PRIVILEGE Privilege);
98 void DeriveKey(CSSM_CC_HANDLE CCHandle,
99 const Context &Context,
100 CssmData &Param,
101 uint32 KeyUsage,
102 uint32 KeyAttr,
103 const CssmData *KeyLabel,
104 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
105 CssmKey &DerivedKey);
106 void PassThrough(CSSM_CC_HANDLE CCHandle,
107 const Context &Context,
108 uint32 PassThroughId,
109 const void *InData,
110 void **OutData);
111 void getKeySize(const CssmKey &key,
112 CSSM_KEY_SIZE &size);
113
114 // add a BinaryKey to our refKeyMap. Sets up cssmKey
115 // as appropriate.
116 void addRefKey(
117 BinaryKey &binKey,
118 CssmKey &cssmKey);
119
120 // Given a CssmKey in reference form, obtain the associated
121 // BinaryKey.
122 BinaryKey &lookupRefKey(
123 const CssmKey &cssmKey);
124
125 // CSP's RNG. This redirects to Yarrow.
126 void getRandomBytes(size_t length, uint8 *cp);
127 void addEntropy(size_t length, const uint8 *cp);
128
129 Allocator &normAlloc() { return normAllocator; }
130 Allocator &privAlloc() { return privAllocator; }
131
132 #ifdef BSAFE_CSP_ENABLE
133 BSafeFactory &bSafe4Factory;
134 #endif
135 #ifdef CRYPTKIT_CSP_ENABLE
136 CryptKitFactory &cryptKitFactory;
137 #endif
138 MiscAlgFactory &miscAlgFactory;
139 #ifdef ASC_CSP_ENABLE
140 AscAlgFactory &ascAlgFactory;
141 #endif
142 RSA_DSA_Factory &rsaDsaAlgFactory;
143 DH_Factory &dhAlgFactory;
144
145 private:
146 // storage of binary keys (which apps know as reference keys)
147 typedef std::map<KeyRef, const BinaryKey *> keyMap;
148 keyMap refKeyMap;
149 Mutex refKeyMapLock;
150 Allocator &normAllocator;
151 Allocator &privAllocator;
152
153 BinaryKey *lookupKeyRef(KeyRef keyRef);
154 void DeriveKey_PBKDF2(
155 const Context &Context,
156 const CssmData &Param,
157 CSSM_DATA *keyData);
158
159 void DeriveKey_PKCS5_V1_5(
160 const Context &context,
161 CSSM_ALGORITHMS algId,
162 const CssmData &Param,
163 CSSM_DATA *keyData);
164
165 void DeriveKey_OpenSSH1(
166 const Context &context,
167 CSSM_ALGORITHMS algId,
168 const CssmData &Param,
169 CSSM_DATA *keyData);
170
171 /* CMS wrap/unwrap, called out from standard wrap/unwrap */
172 void WrapKeyCms(
173 CSSM_CC_HANDLE CCHandle,
174 const Context &Context,
175 const AccessCredentials &AccessCred,
176 const CssmKey &UnwrappedKey,
177 CssmData &rawBlob,
178 bool allocdRawBlob, // callee has to free rawBlob
179 const CssmData *DescriptiveData,
180 CssmKey &WrappedKey,
181 CSSM_PRIVILEGE Privilege);
182
183 void UnwrapKeyCms(
184 CSSM_CC_HANDLE CCHandle,
185 const Context &Context,
186 const CssmKey &WrappedKey,
187 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
188 CssmKey &UnwrappedKey,
189 CssmData &DescriptiveData,
190 CSSM_PRIVILEGE Privilege,
191 cspKeyStorage keyStorage);
192
193 /* OpenSSHv1 wrap/unwrap, called out from standard wrap/unwrap */
194 void WrapKeyOpenSSH1(
195 CSSM_CC_HANDLE CCHandle,
196 const Context &Context,
197 const AccessCredentials &AccessCred,
198 BinaryKey &unwrappedBinKey,
199 CssmData &rawBlob,
200 bool allocdRawBlob, // callee has to free rawBlob
201 const CssmData *DescriptiveData,
202 CssmKey &WrappedKey,
203 CSSM_PRIVILEGE Privilege);
204
205 void UnwrapKeyOpenSSH1(
206 CSSM_CC_HANDLE CCHandle,
207 const Context &Context,
208 const CssmKey &WrappedKey,
209 const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
210 CssmKey &UnwrappedKey,
211 CssmData &DescriptiveData,
212 CSSM_PRIVILEGE Privilege,
213 cspKeyStorage keyStorage);
214
215 /*
216 * Used for generating crypto contexts at this level.
217 * Analogous to AlgorithmFactory.setup().
218 */
219 bool setup(
220 CSPFullPluginSession::CSPContext * &cspCtx,
221 const Context &context);
222
223 /*
224 * Find a CSPKeyInfoProvider subclass for the specified key.
225 */
226 CSPKeyInfoProvider *infoProvider(
227 const CssmKey &key);
228
229 void pkcs8InferKeyHeader(
230 CssmKey &key);
231
232 void opensslInferKeyHeader(
233 CssmKey &key);
234
235 }; /* AppleCSPSession */
236
237
238 #endif //_APPLE_CSP_SESSION_H_
mirror of Security