--- /dev/null
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// SSCSPSession.cpp - Security Server CSP session.
+//
+#include "SSCSPSession.h"
+
+#include "CSPDLPlugin.h"
+#include "SSDatabase.h"
+#include "SSDLSession.h"
+#include "SSKey.h"
+#include <security_cdsa_utilities/cssmbridge.h>
+#include <memory>
+
+using namespace std;
+using namespace SecurityServer;
+
+//
+// SSCSPSession -- Security Server CSP session
+//
+SSCSPSession::SSCSPSession(CSSM_MODULE_HANDLE handle,
+ CSPDLPlugin &plug,
+ const CSSM_VERSION &version,
+ uint32 subserviceId,
+ CSSM_SERVICE_TYPE subserviceType,
+ CSSM_ATTACH_FLAGS attachFlags,
+ const CSSM_UPCALLS &upcalls,
+ SSCSPDLSession &ssCSPDLSession,
+ CssmClient::CSP &rawCsp)
+: CSPFullPluginSession(handle, plug, version, subserviceId, subserviceType,
+ attachFlags, upcalls),
+ mSSCSPDLSession(ssCSPDLSession),
+ mSSFactory(plug.mSSFactory),
+ mRawCsp(rawCsp),
+ mClientSession(Allocator::standard(), *this)
+{
+ mClientSession.registerForAclEdits(SSCSPDLSession::didChangeKeyAclCallback, &mSSCSPDLSession);
+}
+
+//
+// Called at (CSSM) context create time. This is ignored; we do a full
+// context setup later, at setupContext time.
+//
+CSPFullPluginSession::CSPContext *
+SSCSPSession::contextCreate(CSSM_CC_HANDLE handle, const Context &context)
+{
+ return NULL;
+}
+
+
+//
+// Called by CSPFullPluginSession when an op is actually commencing.
+// Context can safely assumed to be fully formed and stable for the
+// duration of the op; thus we wait until now to set up our
+// CSPContext as appropriate to the op.
+//
+void
+SSCSPSession::setupContext(CSPContext * &cspCtx,
+ const Context &context,
+ bool encoding)
+{
+ // note we skip this if this CSPContext is being reused
+ if (cspCtx == NULL)
+ {
+
+ if (mSSFactory.setup(*this, cspCtx, context, encoding))
+ return;
+
+#if 0
+ if (mBSafe4Factory.setup(*this, cspCtx, context))
+ return;
+
+ if (mCryptKitFactory.setup(*this, cspCtx, context))
+ return;
+#endif
+
+ CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM);
+ }
+}
+
+
+//
+// DL interaction
+//
+SSDatabase
+SSCSPSession::getDatabase(const Context &context)
+{
+ return getDatabase(context.get<CSSM_DL_DB_HANDLE>(CSSM_ATTRIBUTE_DL_DB_HANDLE));
+}
+
+SSDatabase
+SSCSPSession::getDatabase(CSSM_DL_DB_HANDLE *aDLDbHandle)
+{
+ if (aDLDbHandle)
+ return findSession<SSDLSession>(aDLDbHandle->DLHandle).findDbHandle(aDLDbHandle->DBHandle);
+ else
+ return SSDatabase();
+}
+
+
+//
+// Reference Key management
+//
+void
+SSCSPSession::makeReferenceKey(KeyHandle inKeyHandle, CssmKey &ioKey, SSDatabase &inSSDatabase,
+ uint32 inKeyAttr, const CssmData *inKeyLabel)
+{
+ return mSSCSPDLSession.makeReferenceKey(*this, inKeyHandle, ioKey, inSSDatabase, inKeyAttr, inKeyLabel);
+}
+
+SSKey &
+SSCSPSession::lookupKey(const CssmKey &inKey)
+{
+ return mSSCSPDLSession.lookupKey(inKey);
+}
+
+
+//
+// Key creating and handeling members
+//
+void
+SSCSPSession::WrapKey(CSSM_CC_HANDLE CCHandle,
+ const Context &context,
+ const AccessCredentials &AccessCred,
+ const CssmKey &Key,
+ const CssmData *DescriptiveData,
+ CssmKey &WrappedKey,
+ CSSM_PRIVILEGE Privilege)
+{
+ // @@@ Deal with permanent keys
+ const CssmKey *keyInContext =
+ context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);
+
+ KeyHandle contextKeyHandle = (keyInContext
+ ? lookupKey(*keyInContext).keyHandle()
+ : noKey);
+ clientSession().wrapKey(context, contextKeyHandle,
+ lookupKey(Key).keyHandle(), &AccessCred,
+ DescriptiveData, WrappedKey, *this);
+}
+
+void
+SSCSPSession::UnwrapKey(CSSM_CC_HANDLE CCHandle,
+ const Context &context,
+ const CssmKey *PublicKey,
+ const CssmWrappedKey &WrappedKey,
+ uint32 KeyUsage,
+ uint32 KeyAttr,
+ const CssmData *KeyLabel,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
+ CssmKey &UnwrappedKey,
+ CssmData &DescriptiveData,
+ CSSM_PRIVILEGE Privilege)
+{
+ SSDatabase database = getDatabase(context);
+ validateKeyAttr(KeyAttr);
+ const AccessCredentials *cred = NULL;
+ const AclEntryInput *owner = NULL;
+ if (CredAndAclEntry)
+ {
+ cred = AccessCredentials::overlay(CredAndAclEntry->AccessCred);
+ owner = &AclEntryInput::overlay(CredAndAclEntry->InitialAclEntry);
+ }
+
+ KeyHandle publicKey = noKey;
+ if (PublicKey)
+ {
+ if (PublicKey->blobType() == CSSM_KEYBLOB_RAW)
+ {
+ // @@@ We need to unwrap the publicKey into the SecurityServer
+ // before continuing
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEY);
+ }
+ else
+ publicKey = lookupKey(*PublicKey).keyHandle();
+ }
+
+ // @@@ Deal with permanent keys
+ const CssmKey *keyInContext =
+ context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);
+
+ KeyHandle contextKeyHandle =
+ keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey;
+
+ KeyHandle unwrappedKeyHandle;
+ clientSession().unwrapKey(database.dbHandle(), context, contextKeyHandle,
+ publicKey, WrappedKey, KeyUsage, KeyAttr,
+ cred, owner, DescriptiveData, unwrappedKeyHandle,
+ UnwrappedKey.header(), *this);
+ makeReferenceKey(unwrappedKeyHandle, UnwrappedKey, database, KeyAttr,
+ KeyLabel);
+}
+
+void
+SSCSPSession::DeriveKey(CSSM_CC_HANDLE ccHandle,
+ const Context &context,
+ CssmData ¶m,
+ uint32 keyUsage,
+ uint32 keyAttr,
+ const CssmData *keyLabel,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
+ CssmKey &derivedKey)
+{
+ SSDatabase database = getDatabase(context);
+ validateKeyAttr(keyAttr);
+ const AccessCredentials *cred = NULL;
+ const AclEntryInput *owner = NULL;
+ if (credAndAclEntry)
+ {
+ cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
+ owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
+ }
+
+ /* optional BaseKey */
+ const CssmKey *keyInContext =
+ context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY);
+ KeyHandle contextKeyHandle =
+ keyInContext ? lookupKey(*keyInContext).keyHandle() : noKey;
+ KeyHandle keyHandle;
+ switch(context.algorithm()) {
+ case CSSM_ALGID_KEYCHAIN_KEY:
+ {
+ // special interpretation: take DLDBHandle -> DbHandle from params
+ clientSession().extractMasterKey(database.dbHandle(), context,
+ getDatabase(param.interpretedAs<CSSM_DL_DB_HANDLE>(CSSMERR_CSP_INVALID_ATTR_DL_DB_HANDLE)).dbHandle(),
+ keyUsage, keyAttr, cred, owner, keyHandle, derivedKey.header());
+ }
+ break;
+ default:
+ clientSession().deriveKey(database.dbHandle(), context, contextKeyHandle, keyUsage,
+ keyAttr, param, cred, owner, keyHandle, derivedKey.header());
+ break;
+ }
+ makeReferenceKey(keyHandle, derivedKey, database, keyAttr, keyLabel);
+}
+
+void
+SSCSPSession::GenerateKey(CSSM_CC_HANDLE ccHandle,
+ const Context &context,
+ uint32 keyUsage,
+ uint32 keyAttr,
+ const CssmData *keyLabel,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
+ CssmKey &key,
+ CSSM_PRIVILEGE privilege)
+{
+ SSDatabase database = getDatabase(context);
+ validateKeyAttr(keyAttr);
+ const AccessCredentials *cred = NULL;
+ const AclEntryInput *owner = NULL;
+ if (credAndAclEntry)
+ {
+ cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
+ owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
+ }
+
+ KeyHandle keyHandle;
+ clientSession().generateKey(database.dbHandle(), context, keyUsage,
+ keyAttr, cred, owner, keyHandle, key.header());
+ makeReferenceKey(keyHandle, key, database, keyAttr, keyLabel);
+}
+
+void
+SSCSPSession::GenerateKeyPair(CSSM_CC_HANDLE ccHandle,
+ const Context &context,
+ uint32 publicKeyUsage,
+ uint32 publicKeyAttr,
+ const CssmData *publicKeyLabel,
+ CssmKey &publicKey,
+ uint32 privateKeyUsage,
+ uint32 privateKeyAttr,
+ const CssmData *privateKeyLabel,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry,
+ CssmKey &privateKey,
+ CSSM_PRIVILEGE privilege)
+{
+ SSDatabase database = getDatabase(context);
+ validateKeyAttr(publicKeyAttr);
+ validateKeyAttr(privateKeyAttr);
+ const AccessCredentials *cred = NULL;
+ const AclEntryInput *owner = NULL;
+ if (credAndAclEntry)
+ {
+ cred = AccessCredentials::overlay(credAndAclEntry->AccessCred);
+ owner = &AclEntryInput::overlay(credAndAclEntry->InitialAclEntry);
+ }
+
+ /*
+ * Public keys must be extractable in the clear - that's the Apple
+ * policy. The raw CSP is unable to enforce the extractable
+ * bit since it always sees that as true (it's managed and forced
+ * true by the SecurityServer). So...
+ */
+ if(!(publicKeyAttr & CSSM_KEYATTR_EXTRACTABLE)) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+ KeyHandle pubKeyHandle, privKeyHandle;
+ clientSession().generateKey(database.dbHandle(), context,
+ publicKeyUsage, publicKeyAttr,
+ privateKeyUsage, privateKeyAttr,
+ cred, owner,
+ pubKeyHandle, publicKey.header(),
+ privKeyHandle, privateKey.header());
+ makeReferenceKey(privKeyHandle, privateKey, database, privateKeyAttr,
+ privateKeyLabel);
+ // @@@ What if this throws, we need to free privateKey.
+ makeReferenceKey(pubKeyHandle, publicKey, database, publicKeyAttr,
+ publicKeyLabel);
+}
+
+void
+SSCSPSession::ObtainPrivateKeyFromPublicKey(const CssmKey &PublicKey,
+ CssmKey &PrivateKey)
+{
+ unimplemented();
+}
+
+void
+SSCSPSession::QueryKeySizeInBits(CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ const CssmKey &Key,
+ CSSM_KEY_SIZE &KeySize)
+{
+ unimplemented();
+}
+
+void
+SSCSPSession::FreeKey(const AccessCredentials *accessCred,
+ CssmKey &ioKey, CSSM_BOOL deleteKey)
+{
+ if (ioKey.blobType() == CSSM_KEYBLOB_REFERENCE)
+ {
+ // @@@ Note that this means that detaching a session should free
+ // all keys ascociated with it or else...
+ // -- or else what?
+ // exactly!
+
+ // @@@ There are thread safety issues when deleting a key that is
+ // in use by another thread, but the answer to that is: Don't do
+ // that!
+
+ // Find the key in the map. Tell tell the key to free itself
+ // (when the auto_ptr deletes the key it removes itself from the map).
+ secdebug("freeKey", "CSPDL FreeKey");
+ auto_ptr<SSKey> ssKey(&mSSCSPDLSession.find<SSKey>(ioKey));
+ ssKey->free(accessCred, ioKey, deleteKey);
+ }
+ else
+ {
+ CSPFullPluginSession::FreeKey(accessCred, ioKey, deleteKey);
+ }
+}
+
+
+//
+// Generation stuff.
+//
+void
+SSCSPSession::GenerateRandom(CSSM_CC_HANDLE ccHandle,
+ const Context &context,
+ CssmData &randomNumber)
+{
+ checkOperation(context.type(), CSSM_ALGCLASS_RANDOMGEN);
+ // if (context.algorithm() != @@@) CssmError::throwMe(ALGORITHM_NOT_SUPPORTED);
+ uint32 needed = context.getInt(CSSM_ATTRIBUTE_OUTPUT_SIZE, CSSMERR_CSP_MISSING_ATTR_OUTPUT_SIZE);
+
+ // @@@ What about the seed?
+ if (randomNumber.length())
+ {
+ if (randomNumber.length() < needed)
+ CssmError::throwMe(CSSMERR_CSP_OUTPUT_LENGTH_ERROR);
+ clientSession().generateRandom(context, randomNumber);
+ }
+ else
+ {
+ randomNumber.Data = alloc<uint8>(needed);
+ try
+ {
+ clientSession().generateRandom(context, randomNumber);
+ }
+ catch(...)
+ {
+ free(randomNumber.Data);
+ randomNumber.Data = NULL;
+ throw;
+ }
+ }
+}
+
+//
+// Login/Logout and token operational maintainance. These mean little
+// without support by the actual implementation, but we can help...
+// @@@ Should this be in CSP[non-Full]PluginSession?
+//
+void
+SSCSPSession::Login(const AccessCredentials &AccessCred,
+ const CssmData *LoginName,
+ const void *Reserved)
+{
+ // @@@ Do a login to the securityServer making keys persistant until it
+ // goes away
+ unimplemented();
+}
+
+void
+SSCSPSession::Logout()
+{
+ unimplemented();
+}
+
+void
+SSCSPSession::VerifyDevice(const CssmData &DeviceCert)
+{
+ CssmError::throwMe(CSSMERR_CSP_DEVICE_VERIFY_FAILED);
+}
+
+void
+SSCSPSession::GetOperationalStatistics(CSPOperationalStatistics &statistics)
+{
+ unimplemented();
+}
+
+
+//
+// Utterly miscellaneous, rarely used, strange functions
+//
+void
+SSCSPSession::RetrieveCounter(CssmData &Counter)
+{
+ unimplemented();
+}
+
+void
+SSCSPSession::RetrieveUniqueId(CssmData &UniqueID)
+{
+ unimplemented();
+}
+
+void
+SSCSPSession::GetTimeValue(CSSM_ALGORITHMS TimeAlgorithm, CssmData &TimeData)
+{
+ unimplemented();
+}
+
+
+//
+// ACL retrieval and change operations
+//
+void
+SSCSPSession::GetKeyOwner(const CssmKey &Key,
+ CSSM_ACL_OWNER_PROTOTYPE &Owner)
+{
+ lookupKey(Key).getOwner(Owner, *this);
+}
+
+void
+SSCSPSession::ChangeKeyOwner(const AccessCredentials &AccessCred,
+ const CssmKey &Key,
+ const CSSM_ACL_OWNER_PROTOTYPE &NewOwner)
+{
+ lookupKey(Key).changeOwner(AccessCred,
+ AclOwnerPrototype::overlay(NewOwner));
+}
+
+void
+SSCSPSession::GetKeyAcl(const CssmKey &Key,
+ const CSSM_STRING *SelectionTag,
+ uint32 &NumberOfAclInfos,
+ CSSM_ACL_ENTRY_INFO_PTR &AclInfos)
+{
+ lookupKey(Key).getAcl(reinterpret_cast<const char *>(SelectionTag),
+ NumberOfAclInfos,
+ reinterpret_cast<AclEntryInfo *&>(AclInfos), *this);
+}
+
+void
+SSCSPSession::ChangeKeyAcl(const AccessCredentials &AccessCred,
+ const CSSM_ACL_EDIT &AclEdit,
+ const CssmKey &Key)
+{
+ lookupKey(Key).changeAcl(AccessCred, AclEdit::overlay(AclEdit));
+}
+
+void
+SSCSPSession::GetLoginOwner(CSSM_ACL_OWNER_PROTOTYPE &Owner)
+{
+ unimplemented();
+}
+
+void
+SSCSPSession::ChangeLoginOwner(const AccessCredentials &AccessCred,
+ const CSSM_ACL_OWNER_PROTOTYPE &NewOwner)
+{
+ unimplemented();
+}
+
+void
+SSCSPSession::GetLoginAcl(const CSSM_STRING *SelectionTag,
+ uint32 &NumberOfAclInfos,
+ CSSM_ACL_ENTRY_INFO_PTR &AclInfos)
+{
+ unimplemented();
+}
+
+void
+SSCSPSession::ChangeLoginAcl(const AccessCredentials &AccessCred,
+ const CSSM_ACL_EDIT &AclEdit)
+{
+ unimplemented();
+}
+
+
+
+//
+// Passthroughs
+//
+void
+SSCSPSession::PassThrough(CSSM_CC_HANDLE CCHandle,
+ const Context &context,
+ uint32 passThroughId,
+ const void *inData,
+ void **outData)
+{
+ checkOperation(context.type(), CSSM_ALGCLASS_NONE);
+ switch (passThroughId) {
+ case CSSM_APPLESCPDL_CSP_GET_KEYHANDLE:
+ {
+ // inData unused, must be NULL
+ if (inData)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);
+
+ // outData required, must be pointer-to-pointer-to-KeyHandle
+ KeyHandle &result = Required(reinterpret_cast<KeyHandle *>(outData));
+
+ // we'll take the key from the context
+ const CssmKey &key =
+ context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
+
+ // all ready
+ result = lookupKey(key).keyHandle();
+ break;
+ }
+ case CSSM_APPLECSP_KEYDIGEST:
+ {
+ // inData unused, must be NULL
+ if (inData)
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_INPUT_POINTER);
+
+ // outData required
+ Required(outData);
+
+ // take the key from the context, convert to KeyHandle
+ const CssmKey &key =
+ context.get<const CssmKey>(CSSM_ATTRIBUTE_KEY, CSSMERR_CSP_MISSING_ATTR_KEY);
+ KeyHandle keyHandle = lookupKey(key).keyHandle();
+
+ // allocate digest holder on app's behalf
+ CSSM_DATA *digest = alloc<CSSM_DATA>(sizeof(CSSM_DATA));
+ digest->Data = NULL;
+ digest->Length = 0;
+
+ // go
+ try {
+ clientSession().getKeyDigest(keyHandle, CssmData::overlay(*digest));
+ }
+ catch(...) {
+ free(digest);
+ throw;
+ }
+ *outData = digest;
+ break;
+ }
+
+ default:
+ CssmError::throwMe(CSSM_ERRCODE_INVALID_PASSTHROUGH_ID);
+ }
+}
+
+/* Validate requested key attr flags for newly generated keys */
+void SSCSPSession::validateKeyAttr(uint32 reqKeyAttr)
+{
+ if(reqKeyAttr & (CSSM_KEYATTR_RETURN_DATA)) {
+ /* CSPDL only supports reference keys */
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK);
+ }
+ if(reqKeyAttr & (CSSM_KEYATTR_ALWAYS_SENSITIVE |
+ CSSM_KEYATTR_NEVER_EXTRACTABLE)) {
+ /* invalid for any CSP */
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+ /* There may be more, but we'll leave it to SS and CSP to decide */
+}
projects / apple / security.git / blobdiff