+++ /dev/null
-/*
- * Copyright (c) 2000-2004,2011-2012,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-//
-// transition - transition layer for CSSM API/SPI calls.
-//
-// This file defines all functions that connect the CSSM API (CSSM_*)
-// to a plugin's SPI (CSSM_SPI_*) functions. The bulk of these functions
-// is automatically generated by the Perl script transition.pl (thanks, Larry!)
-// from the cssm*.h official header files, under control of the configuration
-// file transition.cfg. Those that need special magic are marked "custom" in
-// transition.cfg and are defined here.
-//
-// @@@ Reconsider CSP locking for context operations
-//
-#include "cssmint.h"
-#include "attachfactory.h"
-#include "manager.h"
-#include "cssmcontext.h"
-#include <Security/cssmcspi.h>
-#include <Security/cssmdli.h>
-#include <Security/cssmcli.h>
-#include <Security/cssmaci.h>
-#include <Security/cssmtpi.h>
-#include <Security/cssmkrapi.h>
-#include <Security/cssmkrspi.h>
-#include <security_cdsa_utilities/cssmbridge.h>
-
-
-//
-// Names for the standard Attachment types
-//
-typedef StandardAttachment<CSSM_SERVICE_CSP, CSSM_SPI_CSP_FUNCS> CSPAttachment;
-typedef StandardAttachment<CSSM_SERVICE_DL, CSSM_SPI_DL_FUNCS> DLAttachment;
-typedef StandardAttachment<CSSM_SERVICE_CL, CSSM_SPI_CL_FUNCS> CLAttachment;
-typedef StandardAttachment<CSSM_SERVICE_AC, CSSM_SPI_AC_FUNCS> ACAttachment;
-typedef StandardAttachment<CSSM_SERVICE_TP, CSSM_SPI_TP_FUNCS> TPAttachment;
-
-
-//
-// A conditional locking class for always-right(TM) lock management.
-//
-class TransitLock {
-public:
- Attachment &attachment;
-
- TransitLock(Attachment &att) : attachment(att)
- {
- attachment.module.safeLock();
- }
-
- ~TransitLock()
- {
- attachment.module.safeUnlock();
- attachment.exit();
- }
-};
-
-
-//
-// Context management functions
-//
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreateSignatureContext (CSSM_CSP_HANDLE CSPHandle,
- CSSM_ALGORITHMS AlgorithmID,
- const CSSM_ACCESS_CREDENTIALS *AccessCred,
- const CSSM_KEY *Key,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- HandleContext::Maker maker(CSPHandle);
- maker.setup(AccessCred);
- maker.setup(Key, CSSMERR_CSP_MISSING_ATTR_KEY);
- maker.make();
- maker.put(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, AccessCred);
- maker.put(CSSM_ATTRIBUTE_KEY, Key);
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_SIGNATURE, AlgorithmID);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreateSymmetricContext (CSSM_CSP_HANDLE CSPHandle,
- CSSM_ALGORITHMS AlgorithmID,
- CSSM_ENCRYPT_MODE Mode,
- const CSSM_ACCESS_CREDENTIALS *AccessCred,
- const CSSM_KEY *Key,
- const CSSM_DATA *InitVector,
- CSSM_PADDING Padding,
- void *Reserved,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- if (Reserved != NULL)
- CssmError::throwMe(CSSM_ERRCODE_INVALID_POINTER);
- HandleContext::Maker maker(CSPHandle);
- maker.setup(Mode);
- maker.setup(AccessCred);
- maker.setup(Key);
- maker.setup(InitVector);
- maker.setup(Padding);
- maker.make();
- maker.put(CSSM_ATTRIBUTE_MODE, Mode);
- maker.put(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, AccessCred);
- maker.put(CSSM_ATTRIBUTE_KEY, Key);
- maker.put(CSSM_ATTRIBUTE_INIT_VECTOR, InitVector);
- maker.put(CSSM_ATTRIBUTE_PADDING, Padding);
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_SYMMETRIC, AlgorithmID);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreateDigestContext (CSSM_CSP_HANDLE CSPHandle,
- CSSM_ALGORITHMS AlgorithmID,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- HandleContext::Maker maker(CSPHandle);
- maker.make();
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_DIGEST, AlgorithmID);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreateMacContext (CSSM_CSP_HANDLE CSPHandle,
- CSSM_ALGORITHMS AlgorithmID,
- const CSSM_KEY *Key,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- HandleContext::Maker maker(CSPHandle);
- maker.setup(Key, CSSMERR_CSP_MISSING_ATTR_KEY);
- maker.make();
- maker.put(CSSM_ATTRIBUTE_KEY, Key);
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_MAC, AlgorithmID);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreateRandomGenContext (CSSM_CSP_HANDLE CSPHandle,
- CSSM_ALGORITHMS AlgorithmID,
- const CSSM_CRYPTO_DATA *Seed,
- CSSM_SIZE Length,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- HandleContext::Maker maker(CSPHandle);
- maker.setup(Seed);
- maker.setup(Length, CSSMERR_CSP_INVALID_ATTR_OUTPUT_SIZE);
- maker.make();
- maker.put(CSSM_ATTRIBUTE_SEED, Seed);
- maker.put(CSSM_ATTRIBUTE_OUTPUT_SIZE, (uint32_t)Length);
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_RANDOMGEN, AlgorithmID);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreateAsymmetricContext (CSSM_CSP_HANDLE CSPHandle,
- CSSM_ALGORITHMS AlgorithmID,
- const CSSM_ACCESS_CREDENTIALS *AccessCred,
- const CSSM_KEY *Key,
- CSSM_PADDING Padding,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- HandleContext::Maker maker(CSPHandle);
- maker.setup(AccessCred, CSSMERR_CSP_MISSING_ATTR_ACCESS_CREDENTIALS);
- maker.setup(Key, CSSMERR_CSP_MISSING_ATTR_KEY);
- maker.setup(Padding);
- maker.make();
- maker.put(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, AccessCred);
- maker.put(CSSM_ATTRIBUTE_KEY, Key);
- maker.put(CSSM_ATTRIBUTE_PADDING, Padding);
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_ASYMMETRIC, AlgorithmID);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreateDeriveKeyContext (CSSM_CSP_HANDLE CSPHandle,
- CSSM_ALGORITHMS AlgorithmID,
- CSSM_KEY_TYPE DeriveKeyType,
- uint32 DeriveKeyLengthInBits,
- const CSSM_ACCESS_CREDENTIALS *AccessCred,
- const CSSM_KEY *BaseKey,
- uint32 IterationCount,
- const CSSM_DATA *Salt,
- const CSSM_CRYPTO_DATA *Seed,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- HandleContext::Maker maker(CSPHandle);
- maker.setup(DeriveKeyType, CSSMERR_CSP_INVALID_ATTR_KEY_TYPE);
- maker.setup(DeriveKeyLengthInBits, CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH);
- maker.setup(AccessCred);
- maker.setup(BaseKey);
- maker.setup(IterationCount);
- maker.setup(Salt);
- maker.setup(Seed);
- maker.make();
- maker.put(CSSM_ATTRIBUTE_KEY_TYPE, DeriveKeyType);
- maker.put(CSSM_ATTRIBUTE_KEY_LENGTH, DeriveKeyLengthInBits);
- maker.put(CSSM_ATTRIBUTE_ACCESS_CREDENTIALS, AccessCred);
- maker.put(CSSM_ATTRIBUTE_KEY, BaseKey);
- maker.put(CSSM_ATTRIBUTE_ITERATION_COUNT, IterationCount);
- maker.put(CSSM_ATTRIBUTE_SALT, Salt);
- maker.put(CSSM_ATTRIBUTE_SEED, Seed);
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_DERIVEKEY, AlgorithmID);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreateKeyGenContext (CSSM_CSP_HANDLE CSPHandle,
- CSSM_ALGORITHMS AlgorithmID,
- uint32 KeySizeInBits,
- const CSSM_CRYPTO_DATA *Seed,
- const CSSM_DATA *Salt,
- const CSSM_DATE *StartDate,
- const CSSM_DATE *EndDate,
- const CSSM_DATA *Params,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- HandleContext::Maker maker(CSPHandle);
- maker.setup(KeySizeInBits, CSSMERR_CSP_INVALID_ATTR_KEY_LENGTH);
- maker.setup(Seed);
- maker.setup(Salt);
- maker.setup(StartDate);
- maker.setup(EndDate);
- maker.setup(Params);
- maker.make();
- maker.put(CSSM_ATTRIBUTE_KEY_LENGTH, KeySizeInBits);
- maker.put(CSSM_ATTRIBUTE_SEED, Seed);
- maker.put(CSSM_ATTRIBUTE_SALT, Salt);
- maker.put(CSSM_ATTRIBUTE_START_DATE, StartDate);
- maker.put(CSSM_ATTRIBUTE_END_DATE, EndDate);
- maker.put(CSSM_ATTRIBUTE_ALG_PARAMS, Params);
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_KEYGEN, AlgorithmID);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_CSP_CreatePassThroughContext (CSSM_CSP_HANDLE CSPHandle,
- const CSSM_KEY *Key,
- CSSM_CC_HANDLE *NewContextHandle)
-{
- BEGIN_API
- HandleContext::Maker maker(CSPHandle);
- maker.setup(Key, CSSMERR_CSP_MISSING_ATTR_KEY);
- maker.make();
- maker.put(CSSM_ATTRIBUTE_KEY, Key);
- Required(NewContextHandle) = maker(CSSM_ALGCLASS_NONE, CSSM_ALGID_NONE);
- END_API(CSSM)
-}
-
-
-//
-// CSSM_GetContext makes a deep copy of a CSP context and hands it to the
-// caller. The result is NOT a HandleContext, but a bare Context that is
-// in no dictionaries etc. User must delete it by calling CSSM_FreeContext.
-//
-CSSM_RETURN CSSMAPI
-CSSM_GetContext (CSSM_CC_HANDLE CCHandle,
- CSSM_CONTEXT_PTR *ContextP)
-{
- BEGIN_API
-#warning Cast from CSSM_CC_HANDLE to CSSM_HANDLE
- HandleContext &context = HandleObject::find<HandleContext>((CSSM_HANDLE)CCHandle, CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
- Context *newContext = new(context.attachment) Context(context.type(), context.algorithm());
- try {
- newContext->CSPHandle = context.attachment.handle();
- newContext->copyFrom(context, context.attachment);
- Required(ContextP) = newContext;
- } catch (...) {
- context.attachment.free(newContext);
- throw;
- }
- END_API(CSSM)
-}
-
-
-//
-// Since we allocated all the data in one fell heap, our FreeContext
-// function is disappointingly simple.
-//
-CSSM_RETURN CSSMAPI
-CSSM_FreeContext (CSSM_CONTEXT_PTR ContextP)
-{
- BEGIN_API
- Context *context = &Context::required(ContextP);
- context->destroy(context, HandleObject::find<CSPAttachment>(context->CSPHandle, CSSM_ERRCODE_INVALID_CONTEXT_HANDLE));
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_SetContext (CSSM_CC_HANDLE CCHandle,
- const CSSM_CONTEXT *ContextP)
-{
- BEGIN_API
- const Context &source = Context::required(ContextP);
-#warning Cast from CSSM_CC_HANDLE to CSSM_HANDLE
- HandleContext &context = HandleObject::find<HandleContext>((CSSM_HANDLE)CCHandle, CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
-
- CSSM_CONTEXT_ATTRIBUTE *oldAttributes = context.ContextAttributes;
- uint32 oldCount = context.NumberOfAttributes;
- CSSM_CONTEXT_TYPE oldType = context.ContextType;
- CSSM_ALGORITHMS oldAlgorithm = context.AlgorithmType;
-
- context.copyFrom(source, context.attachment);
- context.ContextType = source.ContextType;
- context.AlgorithmType = source.AlgorithmType;
-
- if (CSSM_RETURN err = context.validateChange(CSSM_CONTEXT_EVENT_UPDATE)) {
- context.attachment.free(context.ContextAttributes); // free rejected attribute blob
- context.ContextAttributes = oldAttributes; // restore...
- context.NumberOfAttributes = oldCount; // ... old
- context.ContextType = oldType; // ... values
- context.AlgorithmType = oldAlgorithm; // ... in context
- CssmError::throwMe(err); // tell the caller it failed
- }
-
- context.attachment.free(oldAttributes);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_DeleteContext (CSSM_CC_HANDLE CCHandle)
-{
- BEGIN_API
- HandleContext &context = enterContext(CCHandle);
- StLock<CountingMutex, &CountingMutex::enter, &CountingMutex::exit>
- _(context.attachment, true);
-
- // ignore error return from CSP event notify (can't decline deletion)
- context.validateChange(CSSM_CONTEXT_EVENT_DELETE);
-
- context.destroy(&context, context.attachment);
- END_API(CSSM)
-}
-
-
-//
-// The GetContextAttribute API is fatally flawed. The standard implies a deep
-// copy of the attribute value, but no release function exists. Instead, we
-// return a shallow copy (sharing structure) which you need not release, but
-// which becomes invalid when the source Context is destroyed.
-//
-CSSM_RETURN CSSMAPI
-CSSM_GetContextAttribute (const CSSM_CONTEXT *Context,
- uint32 AttributeType,
- CSSM_CONTEXT_ATTRIBUTE_PTR *ContextAttribute)
-{
- BEGIN_API
- CSSM_ATTRIBUTE_TYPE type = CSSM_ATTRIBUTE_TYPE(AttributeType); // CDSA defect
- Required(ContextAttribute) = Context::required(Context).find(type);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_UpdateContextAttributes (CSSM_CC_HANDLE CCHandle,
- uint32 NumberAttributes,
- const CSSM_CONTEXT_ATTRIBUTE *ContextAttributes)
-{
- BEGIN_API
-#warning Cast from CSSM_CC_HANDLE to CSSM_HANDLE
- HandleContext &context = HandleObject::find<HandleContext>((CSSM_HANDLE)CCHandle, CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
- context.mergeAttributes(ContextAttributes, NumberAttributes);
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_DeleteContextAttributes (CSSM_CC_HANDLE CCHandle,
- uint32 NumberOfAttributes,
- const CSSM_CONTEXT_ATTRIBUTE *ContextAttributes)
-{
- BEGIN_API
- if (NumberOfAttributes == 0)
- return CSSM_OK; // I suppose
- Required(ContextAttributes); // preflight
-#warning Cast from CSSM_CC_HANDLE to CSSM_HANDLE
- HandleContext &context = HandleObject::find<HandleContext>((CSSM_HANDLE)CCHandle, CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
- for (uint32 n = 0; n < NumberOfAttributes; n++)
- context.deleteAttribute(ContextAttributes[n].AttributeType);
- END_API(CSSM)
-}
-
-
-//
-// Miscellaneous odds and ends - these functions just need a wee bit of
-// manual massaging to fit.
-//
-CSSM_RETURN CSSMAPI
-CSSM_DigestDataClone (CSSM_CC_HANDLE ccHandle,
- CSSM_CC_HANDLE *newCCHandle)
-{
- BEGIN_API
-#warning Cast from CSSM_CC_HANDLE to CSSM_HANDLE
- HandleContext &context = HandleObject::findAndLock<HandleContext>((CSSM_HANDLE)ccHandle, CSSM_ERRCODE_INVALID_CONTEXT_HANDLE);
- TransitLock _(context.attachment);
- HandleContext *newContext =
- new(context.attachment) HandleContext(context.attachment, context.type(), context.algorithm());
- try {
- newContext->CSPHandle = context.attachment.handle();
- newContext->copyFrom(context, context.attachment);
- context.attachment.downcalls.DigestDataClone(context.attachment.handle(), ccHandle, newContext->handle());
- Required(newCCHandle) = newContext->handle();
- } catch (...) {
- newContext->destroy(newContext, context.attachment);
- throw;
- }
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_QueryKeySizeInBits (CSSM_CSP_HANDLE CSPHandle,
- CSSM_CC_HANDLE ccHandle,
- const CSSM_KEY *key,
- CSSM_KEY_SIZE_PTR keySize)
-{
- //@@@ could afford not to lock attachment in have-CC case
- BEGIN_API
- Required(keySize);
- Context *context;
- CSPAttachment *attachment;
- if (ccHandle == (CSSM_CC_HANDLE) HandleObject::invalidHandle) {
- // key specified by CSPHandle and Key
- attachment = &enterAttachment<CSPAttachment>(CSPHandle);
- context = NULL;
- } else {
- // key specified by ccHandle
- HandleContext *ctx = &enterContext(ccHandle);
- try {
- attachment = &ctx->attachment;
- context = ctx;
- CSPHandle = context->CSPHandle;
- key = &context->get<CssmKey>(CSSM_ATTRIBUTE_KEY,
- CSSMERR_CSP_INVALID_KEY);
- } catch (...) {
- attachment->exit();
- throw;
- }
- }
- TransitLock _(*attachment);
- CSSM_RETURN result = attachment->downcalls.QueryKeySizeInBits(CSPHandle,
- ccHandle, context, key, keySize);
- return result;
- END_API(CSSM)
-}
-
-
-CSSM_RETURN CSSMAPI
-CSSM_GenerateAlgorithmParams (CSSM_CC_HANDLE CCHandle,
- uint32 ParamBits,
- CSSM_DATA_PTR Param)
-{
- BEGIN_API
- // this function has more subtle locking than usual. Pay attention:
-
- // (1) Resolve context and ensure attachment exit
- HandleContext &context = enterContext(CCHandle);
- StLock<CountingMutex, &CountingMutex::enter, &CountingMutex::exit> _(context.attachment, true);
-
- // (2) Call CSP, acquiring module safe-lock for a moment (only)
- CSSM_CONTEXT_ATTRIBUTE_PTR attributes;
- uint32 count;
- {
- StLock<Module, &Module::safeLock, &Module::safeUnlock> _(context.attachment.module);
- if (CSSM_RETURN err =
- context.attachment.downcalls.GenerateAlgorithmParams(context.attachment.handle(),
- CCHandle, &context,
- ParamBits, Param,
- &count, &attributes))
- CssmError::throwMe(err);
- }
-
- // (3) Merge the attributes returned into the context, which will (again) acquire the module safe-lock internally
- if (count)
- context.mergeAttributes(attributes, count);
- // the memory at (attributes, count) belongs to the CSP; don't free it here
- END_API(CSSM)
-}
-
-
-//
-// Include the auto-generated functions
-//
-#include <derived_src/transition.gen>
projects / apple / security.git / blobdiff