--- /dev/null
+/*
+ * Copyright (c) 2000-2001,2011,2014 Apple Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// AppleCSPSession.h - top-level session class
+//
+#ifndef _APPLE_CSP_SESSION_H_
+#define _APPLE_CSP_SESSION_H_
+
+#include <security_cdsa_plugin/cssmplugin.h>
+#include <security_cdsa_plugin/pluginsession.h>
+#include <security_cdsa_plugin/CSPsession.h>
+#include <security_utilities/threading.h>
+#include "BinaryKey.h"
+#include "AppleCSPUtils.h"
+
+class CSPKeyInfoProvider;
+
+/* avoid unnecessary includes.... */
+class AppleCSPPlugin;
+#ifdef BSAFE_CSP_ENABLE
+class BSafeFactory;
+#endif
+#ifdef CRYPTKIT_CSP_ENABLE
+class CryptKitFactory;
+#endif
+class MiscAlgFactory;
+#ifdef ASC_CSP_ENABLE
+class AscAlgFactory;
+#endif
+class RSA_DSA_Factory;
+class DH_Factory;
+
+/* one per attach/detach */
+class AppleCSPSession : public CSPFullPluginSession {
+public:
+
+ AppleCSPSession(
+ CSSM_MODULE_HANDLE handle,
+ AppleCSPPlugin &plug,
+ const CSSM_VERSION &Version,
+ uint32 SubserviceID,
+ CSSM_SERVICE_TYPE SubServiceType,
+ CSSM_ATTACH_FLAGS AttachFlags,
+ const CSSM_UPCALLS &upcalls);
+
+ ~AppleCSPSession();
+
+ CSPContext *contextCreate(
+ CSSM_CC_HANDLE handle,
+ const Context &context);
+ void setupContext(
+ CSPContext * &cspCtx,
+ const Context &context,
+ bool encoding);
+
+ // Functions declared in CSPFullPluginSession which we override.
+
+ // Free a key. If this is a reference key
+ // we generated, remove it from refKeyMap.
+ void FreeKey(const AccessCredentials *AccessCred,
+ CssmKey &KeyPtr,
+ CSSM_BOOL Delete);
+
+ void UnwrapKey(CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ const CssmKey *PublicKey,
+ const CssmKey &WrappedKey,
+ uint32 KeyUsage,
+ uint32 KeyAttr,
+ const CssmData *KeyLabel,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
+ CssmKey &UnwrappedKey,
+ CssmData &DescriptiveData,
+ CSSM_PRIVILEGE Privilege);
+ void WrapKey(CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ const AccessCredentials &AccessCred,
+ const CssmKey &Key,
+ const CssmData *DescriptiveData,
+ CssmKey &WrappedKey,
+ CSSM_PRIVILEGE Privilege);
+ void DeriveKey(CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ CssmData &Param,
+ uint32 KeyUsage,
+ uint32 KeyAttr,
+ const CssmData *KeyLabel,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
+ CssmKey &DerivedKey);
+ void PassThrough(CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ uint32 PassThroughId,
+ const void *InData,
+ void **OutData);
+ void getKeySize(const CssmKey &key,
+ CSSM_KEY_SIZE &size);
+
+ // add a BinaryKey to our refKeyMap. Sets up cssmKey
+ // as appropriate.
+ void addRefKey(
+ BinaryKey &binKey,
+ CssmKey &cssmKey);
+
+ // Given a CssmKey in reference form, obtain the associated
+ // BinaryKey.
+ BinaryKey &lookupRefKey(
+ const CssmKey &cssmKey);
+
+ // CSP's RNG. This redirects to Yarrow.
+ void getRandomBytes(size_t length, uint8 *cp);
+ void addEntropy(size_t length, const uint8 *cp);
+
+ Allocator &normAlloc() { return normAllocator; }
+ Allocator &privAlloc() { return privAllocator; }
+
+ #ifdef BSAFE_CSP_ENABLE
+ BSafeFactory &bSafe4Factory;
+ #endif
+ #ifdef CRYPTKIT_CSP_ENABLE
+ CryptKitFactory &cryptKitFactory;
+ #endif
+ MiscAlgFactory &miscAlgFactory;
+ #ifdef ASC_CSP_ENABLE
+ AscAlgFactory &ascAlgFactory;
+ #endif
+ RSA_DSA_Factory &rsaDsaAlgFactory;
+ DH_Factory &dhAlgFactory;
+
+private:
+ // storage of binary keys (which apps know as reference keys)
+ typedef std::map<KeyRef, const BinaryKey *> keyMap;
+ keyMap refKeyMap;
+ Mutex refKeyMapLock;
+ Allocator &normAllocator;
+ Allocator &privAllocator;
+
+ BinaryKey *lookupKeyRef(KeyRef keyRef);
+ void DeriveKey_PBKDF2(
+ const Context &Context,
+ const CssmData &Param,
+ CSSM_DATA *keyData);
+
+ void DeriveKey_PKCS5_V1_5(
+ const Context &context,
+ CSSM_ALGORITHMS algId,
+ const CssmData &Param,
+ CSSM_DATA *keyData);
+
+ void DeriveKey_OpenSSH1(
+ const Context &context,
+ CSSM_ALGORITHMS algId,
+ const CssmData &Param,
+ CSSM_DATA *keyData);
+
+ /* CMS wrap/unwrap, called out from standard wrap/unwrap */
+ void WrapKeyCms(
+ CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ const AccessCredentials &AccessCred,
+ const CssmKey &UnwrappedKey,
+ CssmData &rawBlob,
+ bool allocdRawBlob, // callee has to free rawBlob
+ const CssmData *DescriptiveData,
+ CssmKey &WrappedKey,
+ CSSM_PRIVILEGE Privilege);
+
+ void UnwrapKeyCms(
+ CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ const CssmKey &WrappedKey,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
+ CssmKey &UnwrappedKey,
+ CssmData &DescriptiveData,
+ CSSM_PRIVILEGE Privilege,
+ cspKeyStorage keyStorage);
+
+ /* OpenSSHv1 wrap/unwrap, called out from standard wrap/unwrap */
+ void WrapKeyOpenSSH1(
+ CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ const AccessCredentials &AccessCred,
+ BinaryKey &unwrappedBinKey,
+ CssmData &rawBlob,
+ bool allocdRawBlob, // callee has to free rawBlob
+ const CssmData *DescriptiveData,
+ CssmKey &WrappedKey,
+ CSSM_PRIVILEGE Privilege);
+
+ void UnwrapKeyOpenSSH1(
+ CSSM_CC_HANDLE CCHandle,
+ const Context &Context,
+ const CssmKey &WrappedKey,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *CredAndAclEntry,
+ CssmKey &UnwrappedKey,
+ CssmData &DescriptiveData,
+ CSSM_PRIVILEGE Privilege,
+ cspKeyStorage keyStorage);
+
+ /*
+ * Used for generating crypto contexts at this level.
+ * Analogous to AlgorithmFactory.setup().
+ */
+ bool setup(
+ CSPFullPluginSession::CSPContext * &cspCtx,
+ const Context &context);
+
+ /*
+ * Find a CSPKeyInfoProvider subclass for the specified key.
+ */
+ CSPKeyInfoProvider *infoProvider(
+ const CssmKey &key);
+
+ void pkcs8InferKeyHeader(
+ CssmKey &key);
+
+ void opensslInferKeyHeader(
+ CssmKey &key);
+
+}; /* AppleCSPSession */
+
+
+#endif //_APPLE_CSP_SESSION_H_
projects / apple / security.git / blobdiff